I’m debugging a different issue but my problem involves the REQUEST parameters getting changed for over-zealous XSS protection purposes, and that ruins the data. I’m guessing you might be getting the same problem.
Are you a PHP developer? The below is a hack to add a calcDelta function that checks the differences between the raw request and the “clean” one. If your password field is getting changed, then that’s probably a bug.
Add this function somewhere in include/utils.php:
function calcDelta($a1, $a2)
{
//combine into a nice associative array:
$delta=Array();
foreach ($a1 as $key=>$value) {
if ($a1[$key] != $a2[$key])
$delta[$key] = ("Was ". $a1[$key]. ", became " . $a2[$key]);
}
//$num = count($data);
if (empty($a1)) $delta[] = array("a1" => ("Was empty"));
if (empty($a2)) $delta[] = array("a2" => ("Was empty"));
return $delta;
}
Then in that same file, right before the end of function clean_incoming_data, right before the return 0, add
$delta = calcDelta($RAW_REQUEST, $_REQUEST);
You need to set a breakpoint at that final line with return 0; to inspect the $delta variable.
I hope this helps you troubleshoot…