Hi,
The error doesn't come from HikaShop. Based on the call stack, it comes from the "second level" protection of the Securitycheck Pro system plugin.
That plugin loops on all the parameters sent in the POST request and runs the PHP function stripslashes on each of them, assuming they are all texts. However, when adding a product to the cart, HikaShop sends some parameters as arrays of values, which is perfectly valid. And on recent versions of PHP, calling stripslashes on an array triggers the fatal error you got, while older versions of PHP only emitted a warning.
So I would recommend to:
- add com_hikashop to the "Second Level exceptions" setting of the Securitycheck Pro plugin, which will avoid the error.
- report the issue to the Securitycheck developers so that they can add the handling of array parameters to their second_level function (their cleanQuery function already handles arrays, so it should be easy for them to fix).