
Hello. I have XF 1.5.16 and use PHP 7.0.

One stupid child wanted to hack my forum, and I got a lot of errors. A sample:

[CODE]ErrorException: Array to string conversion - library/XenForo/Controller.php:236

Сгенерирована пользователем: //del, Сегодня, в 19:27

Трассировка стэка

#0 [internal function]: XenForo_Application::handlePhpError(8, 'Array to string...', '//deleted', 236, Array)
#1 library/XenForo/Controller.php(236): strval(Array)
#2 library/XenForo/Controller.php(195): XenForo_Controller->_checkCsrfFromToken(Array)
#3 library/XenForo/Controller.php(307): XenForo_Controller->_checkCsrf('Popup')
#4 library/XenForo/FrontController.php(368): XenForo_Controller->preDispatch('Popup', 'XenForo_Control...')
#5 library/XenForo/FrontController.php(152): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#6 index.php(18): XenForo_FrontController->run()
#7 {main}

Содержимое запроса

array(3) {
  ["url"] => string(115) "http://site.com/conversations/popup?_xfNoRedirect=1&_xfRequestUri=/&_xfResponseType=json&_xfToken[$acunetix]=1"
  ["_GET"] => array(5) {
    ["/conversations/popup"] => string(0) ""
    ["_xfNoRedirect"] => string(1) "1"
    ["_xfRequestUri"] => string(1) "/"
    ["_xfResponseType"] => string(4) "json"
    ["_xfToken"] => array(1) {
      ["$acunetix"] => string(1) "1"
    }
  }
  ["_POST"] => array(0) {
  }
}[/CODE]


I think the _checkCsrf function should be like:

[CODE=php]
protected function _checkCsrf($action)
{
    if (isset(self::$_executed['csrf']))
    {
        return;
    }
    self::$_executed['csrf'] = true;

    if (!XenForo_Application::isRegistered('session'))
    {
        return;
    }

    if ($this->_request->isPost() || substr($this->getResponseType(), 0, 2) == 'js')
    {
        // post and all json requests require a token
        $this->_checkCsrfFromToken($this->_input->filterSingle('_xfToken', XenForo_Input::STRING));
        //$this->_checkCsrfFromToken($this->_request->getParam('_xfToken'));
    }
}
[/CODE]



Or change strval to array_map in the _checkCsrfFromToken function:

[CODE=php]
if (is_array($token))
{
    $token = array_map('strval', $token);
}
else
{
    $token = strval($token);
}
[/CODE]
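
An added example, not part of the original post and not XenForo code: it shows how the bracket syntax in the logged request (`_xfToken[$acunetix]=1`) makes PHP deliver an array where a string is expected, and one way to reject any non-string token before comparing it. The function names and the sample token are hypothetical, and the token check is simplified to a constant-time equality test.

```php
<?php
// Added example (hypothetical helpers, not XenForo's API).

/**
 * Return the parameter only if the client sent a plain string.
 * Bracket syntax such as _xfToken[x]=1 makes PHP build an array,
 * which is treated the same as a missing token.
 */
function readTokenParam(array $params, $name)
{
    if (!isset($params[$name]) || !is_string($params[$name])) {
        return null;
    }
    return $params[$name];
}

/** Validate the CSRF token: strict type check first, then constant-time compare. */
function isValidCsrfToken(array $params, $expected)
{
    $token = readTokenParam($params, '_xfToken');
    if ($token === null || $token === '') {
        return false;
    }
    return hash_equals($expected, $token);
}

// Constructed sample data: the first query string mirrors the logged request.
$expected = 'constructed-sample-token';
$queries = [
    'scanner array' => '_xfResponseType=json&_xfToken[$acunetix]=1',
    'nested array'  => '_xfToken[a][b]=1',
    'missing'       => '_xfResponseType=json',
    'wrong value'   => '_xfToken=nope',
    'valid'         => '_xfToken=' . $expected,
];

foreach ($queries as $label => $query) {
    parse_str($query, $params); // same array-building rules PHP applies to $_GET
    $type = isset($params['_xfToken']) ? gettype($params['_xfToken']) : 'absent';
    printf(
        "%-14s type=%-7s accepted=%s\n",
        $label,
        $type,
        var_export(isValidCsrfToken($params, $expected), true)
    );
}
```

Only the last request is accepted; the array-valued ones are refused without ever reaching a string conversion, so no "Array to string conversion" notice is logged.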

