i found another bug
DivisionByZero
03-01-2005, 02:46 PM
I am installing the hack, and when setting up warning types, you enter all your values, post the data to admin_warn.php and get an error telling you to enter a proper maturity for this warning type...
Here is the error, and the fix:
In admin_warn.php:
Find this:
if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity'])
{
    print_stop_message('warning_warn_maturity');
}
Replace with:
if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity'] == '')
{
    print_stop_message('warning_warn_maturity');
}
Zero Tolerance
03-01-2005, 02:59 PM
Just to keep that check fully functional:
Change
if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity'] == '')
To
if(empty($_POST['warn_maturity']) OR trim($_POST['warn_maturity']) == '')
:)
- Zero Tolerance
Delphiprogrammi
03-01-2005, 09:35 PM
I am installing the hack, and when setting up warning types, you enter all your values, post the data to admin_warn.php and get an error telling you to enter a proper maturity for this warning type...
Here is the error, and the fix:
In admin_warn.php:
Find this:
if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity'])
{
    print_stop_message('warning_warn_maturity');
}
Replace with:
if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity'] == '')
{
    print_stop_message('warning_warn_maturity');
}
Well, it's a bug, yes, but it's not John's fault; that's code I wrote and I feel very much ashamed for making such a stupid error :speechless:
sv1cec
03-02-2005, 05:11 AM
Just to keep that check fully functional:
Change
if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity'] == '')
To
if(empty($_POST['warn_maturity']) OR trim($_POST['warn_maturity']) == '')
:)
- Zero Tolerance
Well, I do not have ZT's programming experience, but if we want to be accurate, I think that these checks should be coded as below:
if(empty($_POST['warn_name']) OR trim($_POST['warn_name']) == '')
{
    print_stop_message('warning_warn_emptywarntype');
}
if(empty($_POST['warn_desc']) OR trim($_POST['warn_desc']) == '')
{
    print_stop_message('warning_warn_emptydesc');
}
if(empty($_POST['warn_points']) OR $_POST['warn_points'] == '' OR $_POST['warn_points']<1 OR $_POST['warn_points']>99999)
{
    print_stop_message('warning_warn_emptypoints');
}
if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity']=='' OR $_POST['warn_maturity']<1 OR $_POST['warn_maturity']>99999)
{
    print_stop_message('warning_warn_maturity');
}
The first two fields are character, so the trim function makes sense; the other two are numeric, so I guess we should also check to make sure it is numeric, otherwise the user may enter a maturity of abcde and the check will not catch it.
Rgds
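The numeric check asked for at the end of the last post, as an added example that is not part of the thread or of the hack's own code: it runs the posted range test and a digits-only test side by side over the same inputs. The function names loose_check and strict_check are hypothetical, and the sample values are constructed.

```php
<?php
// Added example, not code from the hack. The 1..99999 range comes from the
// thread; the helper names and sample values are constructed for illustration.

// The range test as posted in the thread, relying on PHP's loose comparison.
function loose_check($value)
{
    return !(empty($value) OR $value == '' OR $value < 1 OR $value > 99999);
}

// Strict variant: digits only after trimming, then the same 1..99999 range.
function strict_check($value)
{
    if (!is_string($value)) {
        return false;           // e.g. warn_maturity[]=1 arrives as an array
    }
    $value = trim($value);
    if ($value === '' || !ctype_digit($value)) {
        return false;           // rejects '12abc', '1e3', '-5', '3.5'
    }
    if (strlen($value) > 5) {
        return false;           // more than five digits is above 99999
    }
    $number = (int) $value;
    return $number >= 1 && $number <= 99999;
}

// Constructed inputs, as they could arrive in $_POST['warn_maturity'].
$samples = array('30', ' 30 ', '0', '', '12abc', '1e3', '3.5', '-5', '100000');

foreach ($samples as $sample) {
    printf(
        "%-10s loose=%-6s strict=%s\n",
        "'" . $sample . "'",
        loose_check($sample) ? 'accept' : 'reject',
        strict_check($sample) ? 'accept' : 'reject'
    );
}
```

Values that start with digits or use numeric notation, such as '12abc', '1e3' or '3.5', are the ones where the two columns differ.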