createPost - Call-time pass-by-reference has been deprecate error

[mpglivecarlo]

hi,

im using the create post function to create a message inside a topic from an outside form, and when i send the information i get the error

Deprecated: Call-time pass-by-reference has been deprecated in D:\xampp\htdocs\blah\scripts\inter.php on line 47

line 47 is:
createPost(&$msgOptions, &$topicOptions, &$posterOptions);

i know that some people have fixed this eliminating the & from the function but i have tried that and when i post it just gets stuck at a blank page.

Any help is welcome since im stuck at this point.

[live627]

Need more to help. Have you declared each variable? How?

[mpglivecarlo]

this is basically the code that takes the information from the form dont know if my newb php is enough.

Code Select Expand

if($ac=="post"){
    require_once('../../forum/Sources/Subs-Post.php');
if (isset($save) ) {

$id_board=$_POST["id_board"];
$id_topic=$_POST["id_topic"];
$id_msg=$_POST["id_msg"];
$msg=$_POST["msg"];
$id_user=$context['user']['id'];
$title="Test";
         
            $msgOptions = array(
            'icon' => 'xx',
              'smileys_enabled' => true,
              'body' => $msg,
                'subject' => $title,
                    );
           
            $topicOptions = array(
                'board' => $id_board,
                'id' => $id_topic,
                'mark_as_read' => true,
                );

            $posterOptions = array(
                'id' =>  $id_user,
                'update_post_count' => true,
                 );
createPost(&$msgOptions, &$topicOptions, &$posterOptions);

                 if($save){
                  echo '<SCRIPT language="JavaScript"> function getgoing(){ top.location="../seccion.php?sec=news&id='.$id_msg.'"; } </SCRIPT>';
                    }
                 }
    }

thx for any help

[live627]

Is this an extension of SMF or your own thing using SSI?

[mpglivecarlo]

"my own thing" using ssi.php

[live627]

ok then... is the above code within a function?

[mpglivecarlo]

nope, just in a plain php file that is called using the form using the link

Code Select Expand

<form action="scripts/inter.php?ac=post" method="post" enctype="multipart/form-data">
<input type="hidden" name="brd" value="<?php echo $id_board ?>" />
<input type="hidden" name="tpc" value="<?php echo $id_topic ?>" />
<input type="hidden" name="id" value="<?php echo $id_msg ?>" />
<table>
<tr>
<td><b>comment:</b></td>
<td><textarea type="text" name="msg" cols="65" rows="3" /></textarea></td>
<td><input type="submit" name="submit" value="Send" class="publicar-empresa" /></td>
</tr>
                                                        </table>
</form>

[Arantor]

And what's that PHP? We don't really care too much about the form, but we do care about the code that you've written which calls createPost...

[mpglivecarlo]

OK, as I said code is inside a simple php file that calls the ssi.php, and the subs-post.php to make the post.

the lines on top of the code i posted are just

Code Select Expand

require_once('../../forum/SSI.php');
mysql_select_db('my_database');

and thats it, it is weird that its not working now because on another website i used the same procedure and works fine. maybe php version (its PHP Version 5.3.8 )?

[Arantor]

Seriously, please just post the entire damn file. The problem is related to how you're setting up and calling createPost. But since you're unable or unwilling to post the actual code itself that's broken, I'm unable or unwilling to help you!

[mpglivecarlo]

no need to be rude, the whole code in the file you already got, is in post #2 but if you need it to be in a single code tag here it is

Code Select Expand

<?php
require_once('../../forum/SSI.php');
mysql_select_db('my_database');

$ac=$_GET["ac"];

if($ac=="post"){
    require_once('../../forum/Sources/Subs-Post.php');
if (isset($save) ) {

$id_board=$_POST["id_board"]; 
$id_topic=$_POST["id_topic"];
$id_msg=$_POST["id_msg"]; 
$msg=$_POST["msg"]; 
$id_user=$context['user']['id'];
$title="Test";
          
            $msgOptions = array(
             'icon' => 'xx',
              'smileys_enabled' => true,
               'body' => $msg,
                'subject' => $title,
                    );
            
            $topicOptions = array(
                'board' => $id_board,
                'id' => $id_topic,
                'mark_as_read' => true,
                 );

            $posterOptions = array(
                'id' =>  $id_user,
                'update_post_count' => true,
                 );
createPost(&$msgOptions, &$topicOptions, &$posterOptions);
 
                 if($save){
                  echo '<SCRIPT language="JavaScript"> function getgoing(){ top.location="../seccion.php?sec=news&id='.$id_msg.'"; } </SCRIPT>';
                    }
                 }
    }

?>

That all the code inside the file for now, just started the file, it will eventually have more small part of code that i have not written. My php is not expert as you can see, so please bear with me.

thanks for any help.

[Arantor]

no need to be rude

There's also no need to keep posting bits and bits of code makes it much harder to figure out what's going on, second guessing what information might or might not be relevant.

I'm still not convinced it's all the code since as it stands, it shouldn't even work (just throw an error about $ac being undefined)

Version of SMF?

[mpglivecarlo]

smf 2.0.2

You are right i didnt put the $ac didnt copy (ill edit the post), but aside from that thats all the code that all the code inside that php, if im missing things are due to my lack of php, not for me lying about it.

dont know if it helps but ill write it still

1. im using a simple html template in front end, pulling information from the SMF DB from a specific message id
2. the hidden fields are filled with the information i pull from the message so that i can complete the information for the new post arrays neede by the function createPost.
3. when someone fills the textarea and submits the form calls the php file that i have posted the code for.
4. what i was expecting is that the php file calls the createPost function and feeds the arrays of settings the function needs to creat a post.
5. that it. basically making a quick reply box for a topic in an outside html form.

once again i dont know what im doing wrong.

[Arantor]

Well, you were half right to start with, take out the & in the createPost calls. Given the code you've posted, it ending up at a blank screen is completely what should happen.

That said, there are a number of steps you need to carry out ahead of calling createPost. You need to call $smcFunc['htmlspecialchars'] on the subject and body text (with ENT_QUOTES, just as Post.php does) and you need to call preparsecode() on the body text as well. Not doing these things is very bad.

[mpglivecarlo]

Well, you were half right to start with, take out the & in the createPost calls. Given the code you've posted, it ending up at a blank screen is completely what should happen.

That said, there are a number of steps you need to carry out ahead of calling createPost. You need to call $smcFunc['htmlspecialchars'] on the subject and body text (with ENT_QUOTES, just as Post.php does) and you need to call preparsecode() on the body text as well. Not doing these things is very bad.

So after I get the values from the form i should do thoose steps in that order?

1. $smFunc['htmlspecialchars'] on the body and subject
2. preparsecode() on the body text

and should not display the error "Deprecated: Call-time pass-by-reference has been deprecated" ?

thank you and ill try to setup your suggestions and see if i get it right.

[Arantor]

Yes, like SMF does. You should probably review the code in Post2() in Post.php.

But you're missing my point. The error is being displayed because you're using & in the function calls, not for any other reason - and you do not require those at all. It's entirely possible that there's something else going on, but when you get the blank page at the end, that's what's supposed to happen because you haven't given it anything else to do.

The instructions I've given are to make sure people don't injection nasty code into your site through this form.

[mpglivecarlo]

Yes, like SMF does. You should probably review the code in Post2() in Post.php.

But you're missing my point. The error is being displayed because you're using & in the function calls, not for any other reason - and you do not require those at all. It's entirely possible that there's something else going on, but when you get the blank page at the end, that's what's supposed to happen because you haven't given it anything else to do.

The instructions I've given are to make sure people don't injection nasty code into your site through this form.

Leaving the security changes i have to make, i have tried to use the function without the & like this:

createPost($msgOptions, $topicOptions, $posterOptions);

And at the end it just returns a blank page, so i dont know what else could it be.

[Arantor]

And at the end it just returns a blank page, so i dont know what else could it be.

It's doing EXACTLY WHAT YOU TOLD IT TO DO.

It reads the data, calls createPost. What did you expect it to do? createPost creates the post. It's up to you to then display something or redirect or something.

[mpglivecarlo]

i was testing then to echo out some variables but didnt work.

i did this, i checked the post2() part in post.php, and found the part where it gets filtered (hope i found the right part) this is how the file looks now is it ok? or did i mess all up? thank you for your help and patience.

Code Select Expand

if($ac=="post"){
    require_once('../../foro/Sources/Subs-Post.php');
if (isset($save)){

// Check the subject and message.
if (!isset($_POST['sub']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['sub'])) === '')
$post_errors[] = 'no_subject';
if (!isset($_POST['msg']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['msg']), ENT_QUOTES) === '')
$post_errors[] = 'no_message';
elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_POST['msg']) > $modSettings['max_messageLength'])
$post_errors[] = 'long_message';
else
{
// Prepare the message a bit for some additional testing.
$_POST['msg'] = $smcFunc['htmlspecialchars']($_POST['msg'], ENT_QUOTES);

// Preparse code. (Zef)
if ($user_info['is_guest'])
$user_info['name'] = $_POST['guestname'];
preparsecode($_POST['msg']);

// Let's see if there's still some content left without the tags.
if ($smcFunc['htmltrim'](strip_tags(parse_bbc($_POST['msg'], false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($_POST['msg'], '[html]') === false))
$post_errors[] = 'no_message';
}

$id_board=$_POST["brd"];
$id_topic=$_POST["tpc"];
$id_msg=$_POST["id"];
$msg=$_POST["msg"];
$id_user=$context['user']['id'];
$title=$_POST["sub"];

            $msgOptions = array(
            'icon' => 'xx',
              'smileys_enabled' => true,
              'body' => $msg,
                'subject' => $title,
                    );
           
            $topicOptions = array(
                'board' => $id_board,
                'id' => $id_topic,
                'mark_as_read' => true,
                );

            $posterOptions = array(
                'id' =>  $id_user,
                'update_post_count' => true,
                 );

createPost($msgOptions, $topicOptions, $posterOptions);

                 if($save){
                  echo '<SCRIPT language="JavaScript"> function getgoing(){ top.location="../seccion.php?sec=news&id='.$id_msg.'"; } </SCRIPT>';
                    }
        }
    }

it posted the message correctly but, wanted to check with you if i did the message and subject check right.

[Arantor]

The screening part is right, except that you don't check that $post_errors is empty before trying to create the post.

Either way, once you've made the post, it still won't do anything because while you're giving it JavaScript to output once you're done, you're not actually calling that code so it quite rightly will just give you an empty page.

(The correct thing to do once the page is finished is to call redirectexit() with the URL of where users should be going. But DO NOT put $id_msg back in the redirection of the URL, there is absolutely no reason to do that and plenty of reasons not to.)