Search

Hi all,
After enabling the xssfilter on some of my events i get the following error after a 'suposed' successfull save; 'Passed parameter is not a string' (see attachement)
When entering mallicious code in the textfield it correctly returns the 'filter/@status = 'failed' message in the result xml.
Funny thing is that in one form i have the ckeditor enabled on the textfield and the xsslfilter works correct. I have the exact same form for editing the content which gives the error. Then another form with no text-formatter is also giving me this error. So i think it has nothing to do with the editor.
Anyone any idea?

Attachments:
Schermafbeelding 2011-12-12 om 22.11.35.png

I also came across this bug while using the xssfilter on fields of the members extension.

Maybe you can file an issue on GitHub.

I also tried it before i installed the members extension and had the same bug so i think it's not related...
I posted the issue on github

Thanks for the issue report, but it'd be handy if you had a test case of how to reproduce this. What does your Form HTML look like?

I will do some testing first by leaving out some fields to find out what field throws the error
I will post the form html after that

@brendo, i did some testing and it seems the xss filter crashes on image upload fields.
I am pretty sure you can reproduce this.

This is an old thread, but I am replying just to confirm.

I am unable to find any sources that suggest this problem has been solved.

It has been resolved as of 13 hours ago :)

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.3-5.6 or 7.0-7.3
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details