search

Connections-Business-Directory / Connections

Directory Plugin for WordPress
https://connections-pro.com
GNU General Public License v2.0
26 stars 18 forks source link

possible issue with custom meta boxes #311

Closed quantumJLBass closed 10 years ago

quantumJLBass commented 10 years ago

I get a no index warning that induces an already header sent fatal error for

https://github.com/shazahm1/Connections/blob/develop/includes/admin/class.actions.php#L419

and if I 

 -          if ( isset( $_POST['meta'] ) && $_POST['meta'][ $metaID ]['value'] === '::DELETED::' ) {

to

 +          if ( isset( $_POST['meta'] ) && isset($metaID) && isset($_POST['meta'][ $metaID ]) && $_POST['meta'][ $metaID ]['value'] === '::DELETED::' ) {

it clears, although I would imagine there is a better way to clear that possibility. This can be introduced by accidentally leaving the custom meta name empty, so i'd think that a form validation can stop this from higher in the chain but would think it'd be good it kill it here too? Cheers - J

shazahm1 commented 10 years ago

Can you let me know the steps I need to follow to reproduce the headers already sent ... I'm not sure how it would be possible $metaID can not exist. If it doesn't somehow, that would mean a fatal error/bug further up.

shazahm1 commented 10 years ago

Ok, I see the issue ... I'm not removing this $metaID for custom meta fields from $results = cnMeta::get( 'entry', $id );.

I need to run $results thru a loop using cnMeta::isPrivate() to remove the custom meta fields before processing the update.

Related: There seems to be an undefined index key error on L412: https://github.com/shazahm1/Connections/blob/develop/includes/admin/class.actions.php#L412

I think removing the custom fields prior to this will resolve this undefined index too.

Additionally, on L412 instead of doing an isPrivate check, simple do this instead: if ( '_' == $row['key'][0] ) $row['key'] = substr( $row['key'], 1 );