i found another bug


DivisionByZero
03-01-2005, 02:46 PM
I am installing the hack, and when setting up warning types, you enter all your values, post the data to admin_warn.php and get an error telling you to enter a proper maturity for this warning type...

Here is the error, and the fix:


In admin_warn.php:
Find this:
if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity'])
{
print_stop_message('warning_warn_maturity');
}


Replace with:

if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity'] == '')
{
print_stop_message('warning_warn_maturity');
}

Zero Tolerance
03-01-2005, 02:59 PM
Just to keep that check fully functional:
Change
if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity'] == '')
To
if(empty($_POST['warn_maturity']) OR trim($_POST['warn_maturity']) == '')

:)

- Zero Tolerance

Delphiprogrammi
03-01-2005, 09:35 PM
I am installing the hack, and when setting up warning types, you enter all your values, post the data to admin_warn.php and get an error telling you to enter a proper maturity for this warning type...

Here is the error, and the fix:


In admin_warn.php:
Find this:
if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity'])
{
print_stop_message('warning_warn_maturity');
}


Replace with:

if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity'] == '')
{
print_stop_message('warning_warn_maturity');
}


Well, it's a bug, yes, but it's not John's fault; that's code I wrote, and I feel very much ashamed for making such a stupid error :speechless:

sv1cec
03-02-2005, 05:11 AM
Just to keep that check fully functional:
Change
if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity'] == '')
To
if(empty($_POST['warn_maturity']) OR trim($_POST['warn_maturity']) == '')

:)

- Zero Tolerance

Well, I do not have ZT's programming experience, but if we want to be accurate, I think that these checks should be coded as below:


if(empty($_POST['warn_name']) OR trim($_POST['warn_name']) == '')
{
print_stop_message('warning_warn_emptywarntype');
}
if(empty($_POST['warn_desc']) OR trim($_POST['warn_desc']) == '')
{
print_stop_message('warning_warn_emptydesc');
}
if(empty($_POST['warn_points']) OR $_POST['warn_points'] == '' OR $_POST['warn_points']<1 OR $_POST['warn_points']>99999)
{
print_stop_message('warning_warn_emptypoints');
}
if(empty($_POST['warn_maturity']) OR $_POST['warn_maturity']=='' OR $_POST['warn_maturity']<1 OR $_POST['warn_maturity']>99999)
{
print_stop_message('warning_warn_maturity');
}


The first two fields are character, so the trim function makes sense. The other two are numeric, so I guess we should also check to make sure it is numeric; otherwise the user may enter a maturity of abcde and the check will not catch it.

Rgds
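
The four checks from this thread with the numeric test from the last post filled in, as an added example that is not part of any post or of the hack's own code. validate_warn_type() is a hypothetical helper, PHP 7.1 or later is assumed, and it returns the phrase key instead of calling print_stop_message() so that it runs stand-alone.

```php
<?php
// Added example, not the hack's own code. validate_warn_type() is a
// hypothetical helper; the field names, phrase keys and the 1..99999
// range are the ones used in the posts above.

function validate_warn_type(array $post): ?string
{
    // Text fields: must be a string that is non-empty after trimming.
    $text = ['warn_name' => 'warning_warn_emptywarntype',
             'warn_desc' => 'warning_warn_emptydesc'];
    foreach ($text as $field => $phrase) {
        $value = $post[$field] ?? null;
        // is_string() rejects warn_name[]=x, which arrives as an array.
        if (!is_string($value) || trim($value) === '') {
            return $phrase;
        }
    }

    // Numeric fields: whole numbers only, inside the allowed range.
    $numeric = ['warn_points'   => 'warning_warn_emptypoints',
                'warn_maturity' => 'warning_warn_maturity'];
    $range = ['options' => ['min_range' => 1, 'max_range' => 99999]];
    foreach ($numeric as $field => $phrase) {
        $value = $post[$field] ?? null;
        if (!is_string($value)
            || filter_var(trim($value), FILTER_VALIDATE_INT, $range) === false) {
            return $phrase;
        }
    }
    return null; // all four fields are acceptable
}

// Constructed sample submissions (not taken from the thread).
$base = ['warn_name' => 'Spam', 'warn_desc' => 'Posting adverts',
         'warn_points' => '5', 'warn_maturity' => '30'];
$cases = [
    'valid'          => $base,
    'letters'        => ['warn_maturity' => 'abcde'] + $base,
    'trailing junk'  => ['warn_maturity' => '5abc'] + $base,
    'zero'           => ['warn_points' => '0'] + $base,
    'array injected' => ['warn_maturity' => ['30']] + $base,
    'spaces only'    => ['warn_name' => '   '] + $base,
];
foreach ($cases as $label => $post) {
    $error = validate_warn_type($post);
    printf("%-15s %s\n", $label, $error ?? 'ok');
}
```

In admin_warn.php the returned phrase key would be passed to print_stop_message() when it is not null.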