Replies: 0
Hello Ali,
I noticed an issue in the JSON_API_User_Controller class related to the $custom_fields variable.
Currently, on line 731, the code looks like this:
if(is_array($custom_fields)){
foreach ($custom_fields as $field => $value) {
if(in_array($field, $disallowed) ){
$json_api->error("This meta_key '".$field."' is not allowed.");
}
if ($field == 'cookie')
continue;
if (is_array($value)) {
$values = array_map('trim', $values);
} else {
$values = trim($value);
}
if(!in_array($field, $disallowed) ){
foreach($disallowed as $d){
$field = str_replace($d, 'disallowed', $field);
}
$result[$field]['updated'] = update_user_meta($user_id, $field, $values);
}
}
}However, if the $custom_fields variable is not initialized, an error occurs:
Undefined variable $custom_fields in C:\wordpress\wp-content\plugins\json-api-user\controllers\User.php:731
To prevent this, I suggest adding a check for the existence of the $custom_fields variable. The modified code would look like this:
if(!empty($custom_fields) && is_array($custom_fields)){
foreach ($custom_fields as $field => $value) {
if(in_array($field, $disallowed) ){
$json_api->error("This meta_key '".$field."' is not allowed.");
}
if ($field == 'cookie')
continue;
if (is_array($value)) {
$values = array_map('trim', $values);
} else {
$values = trim($value);
}
if(!in_array($field, $disallowed) ){
foreach($disallowed as $d){
$field = str_replace($d, 'disallowed', $field);
}
$result[$field]['updated'] = update_user_meta($user_id, $field, $values);
}
}
}
A similar adjustment is also needed on line 198:
if (!empty($custom_fields) && is_array($custom_fields)) {Please consider implementing these changes to avoid potential errors.
Thank you!