Error handling when passing array variables from 3rd party components

Started by balai, March 22, 2017, 17:46:14 PM

Previous topic - Next topic

balai

It's possible that variables with the same names as those used in VM are used by 3rd  party components.
e.g. a filtering application or a form to submit data.
Also it's possible that these variables have different data type than the one VM uses. For example can be arrays (e.g. virtuemart_category_id[0]=1&virtuemart_category_id[1]=2).

Now if a Virtuemart products module happens to be published at any of these pages (pages unrelated to the VM component), you are getting a 1054 database error.

Unknown column 'Array' in 'where clause' SQL=SELECT p.`virtuemart_product_id` FROM `#__virtuemart_products` as p LEFT JOIN `#__virtuemart_product_shoppergroups` as ps ON p.`virtuemart_product_id` = `ps`.`virtuemart_product_id` LEFT JOIN `#__virtuemart_product_categories` as pc ON p.`virtuemart_product_id` = `pc`.`virtuemart_product_id` LEFT JOIN `#__virtuemart_product_prices` as pp ON p.`virtuemart_product_id` = pp.`virtuemart_product_id` WHERE ( `pc`.`virtuemart_category_id` = Array

Virtuemart is trying to parse these variables and runs an sql query without checking or changing their format.
Seems like there is no any provision about handling that and ends up in generating a lower level error such as an sql error.

Some error handling is more than necessary here

radosc

Hi

I have just got such error. Is there any option to solve it.

It's strange a little bit because there is no error when Superuser is logged.
I have turned off all VM modules and I get such error in CF Filtering (search) module.

Radek

balai

The error is in the VM's code.
There is no data type validation before running the query and no error handling after that.

The only solution i can think is to disable any Virtuemart products module in your page.