There is a problem with post in Abo.CMS. There is such a code in the module:

case "useredit": if (!$permissions["e"]) $main->message_access_denied($this->module_name, $action); global $request_id, $request_step; $main->include_main_blocks_2($this->module_name."_useradd.html", $this->tpl_path); $tpl->prepare(); if(!$request_step || $request_step == 1){ $user = $this->getUser($request_id); $user['id'] = (int) $user['id']; $user['form_action'] = $baseurl . '&action=useredit&step=2'; $user['photolink'] = '' . $user['photo']; $tpl->assign($user); if($user['photo']){ $tpl->newBlock('block_photo_exists'); $tpl->assign($user); } } elseif($request_step == 2){ } break;

When $request_step = 1 everything works fine and displays the edit form ( method = post , action contains 'action=useredit&step=2' ). But for $request_step = 2 throws a database query error. If you do not send the form, and manually enter &step=2 , then everything works. In my opinion, an error occurs when sending data with a post, but I, for the life of me, don’t understand what query to the database here can cause an error. If anyone knows the features of Abo.CMS, please help.
Thank you in advance.

    2 answers 2

    I don’t know Abo.CMS, but looking at the code, I think it might be worth going beyond the code? Trying to understand what is happening outside of it - most likely there is some other logic that responds to the sent POST request. Based on the above code, it is hard to present an error to the database, since in principle, nothing is done with $ request_step = 2

    • The problem is that if something is executed outside of this code, then it should be executed even with $request_step = 1 . Hike, Abo generally reacts to the post. - ling
    • as I understand it, when $ request_step = 1, the compilation of the $ tpl-> assign ($ user) template is performed; Maybe if this does not happen ($ request_step = 2), then the POST data is processed somewhere else? - skyscs 1:51 pm
    • You can solve the problem deductively) In elseif ($ request_step == 2) {write exit; and to see if there is a base error, then something “interferes” at the top, if there is, say, a white screen, it means that POST data “creep” below, and get to the wrong place. - skyscs 1:53 pm
    • In such cases, I actively use the spear method, litter for not very professional advice. - skyscs 1:54 pm
    • > POST data processing happens somewhere else. That looks like. I poked it like this: `elseif ($ request_step == 2) {die (), nothing happened. Therefore, I ask about the features of Abo. - ling

    The error was found, unfortunately, the laid out code has nothing to do with it. In the pattern was a field

     <input type="text" name="name" value="{name}">

    As it turned out, name="name" kills some kind of internal CMS logic. Apparently, both $_GET['name'] and $_POST['name'] translated into $request_name , and then the database is searched for a module with the name $request_name . I can not find another explanation.