I got following error message:
Warning: array_merge(): Argument #2 is not an array in bef_replace_query_string_arg() (line 704 in sites/all/modules/better_exposed_filters/better_exposed_filters.theme).
Some robots visit my site using error url:
http://www.example.cn/books/category/1671?f[0]=field_clc:1796
the correct is:
http://www.example.cn/books/category/1671?f[0]=field_clc%3A1796
with the wrong url, there is an error message, I could see it in admin/reports/dblog.
the function of parse_url not always return array, some times it return False.
Here is a quick fix:
if (!empty(parse_url(request_uri()))) {
$urllist = array_merge($urllist, parse_url(request_uri()));
}
in bef_replace_query_string_arg of better_exposed_filters.theme
Comment | File | Size | Author |
---|---|---|---|
#4 | bef-warning-array_merge-bef_replace_query_string_arg-2527550-1.patch | 692 bytes | Yuriy Mudriy |
Comments
Comment #1
g089h515r806 CreditAttribution: g089h515r806 commentedComment #2
mikeker CreditAttribution: mikeker as a volunteer commentedI think this speaks to a bigger issue with your site. Yes,
parse_url()
will returnFALSE
for malformed URLs, such as the first example you gave (":" is not allowed in query strings). The problem is that we can't be validating the incoming request inbef_replace_query_string_arg()
. That function expects a valid query string and gives a warning when it does not get one.Comment #3
markabur CreditAttribution: markabur commentedI'm seeing the same warning filling my logs, and it's not clear from the above what we should do about it. The requests are like this:
http://example.com/events/2016/:5054
Are you saying that the problem lies in
request_uri()
in this case, or is the problem inparse_url()
?Bots and hackers probe websites using invalid query strings all day, every day. Shouldn't that be the default expectation, rather than thinking everyone is going to be well-behaved?
If it's likely that
parse_url()
will return false sometimes, then what's the problem with testing for false before using its output?Anyway, the following implementation of
hook_init()
appears to solve the problem for me, without hacking BEF -- though I'm not sure if it will cause problems elsewhere.Comment #4
Yuriy Mudriy CreditAttribution: Yuriy Mudriy as a volunteer and at DEWEB Studio for Drupal Ukraine Community commentedPatch for fixing this warning.
Comment #6
mikeker CreditAttribution: mikeker as a volunteer commentedSorry, warnings are not major.
urlencode
should only be used on the query string portion of the URI, in this case we're using it on the path and query string. Also, I'm worried about double-encoding if we do this -- usuallyurlencode
is for when you're printing a query string, not when you're consuming it.Agreed, however, that bots are constantly pounding our sites with bogus URLs and we shouldn't be filling up the log files because of it. I prefer the option to test the return value of
parse_url
before using it and will look at making that change later today.Sorry for the long delay in getting back to this issue!
Comment #7
Neslee Canil PintoHi, there will be no more future development for 7.x branch. If you see this issue in 8.x, feel free to file an issue. Closing this as Closed(wont fix).
Comment #8
markabur CreditAttribution: markabur commentedAre you saying that 7.x is now unsupported?
Comment #9
Neslee Canil Pinto@markabur 7.x is fully supported even now and in the future. If you think this issue still exists in 7.x feel free to report