Thread: Last XX Posts on non-vB page
View Single Post
  #518  
Old 03-15-2005, 11:16 AM
Meirion Meirion is offline
 
Join Date: Nov 2001
Location: UK
Posts: 56
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Brad.loo
This patched version didn't work for me unfortunately.
It gave my the "error in mysql near LIMIT 1" error.

Here's how to fix it... in last10.php change this....

Code:
// let's get connected
require("last10config.php");
require("$path/config.php");
$db=mysql_connect($servername,$dbusername,$dbpassword) or die("Can't open connection to MySQL");
mysql_select_db($dbname) or die("Can't select database");

// destroy some var's to prevent SQL injection (patch by Brad.loo, added 11/16/04)
unset($fsel, $ftitle, $wheresql, $ob, $obdir, $maxthreads);

$hfs = $fs+2;
to this....

Code:
// destroy some var's to prevent SQL injection (patch by Brad.loo, added 11/16/04)
unset($fsel, $ftitle, $wheresql, $ob, $obdir, $maxthreads);

// let's get connected
require("last10config.php");
require("$path/config.php");
$db=mysql_connect($servername,$dbusername,$dbpassword) or die("Can't open connection to MySQL");
mysql_select_db($dbname) or die("Can't select database");

$hfs = $fs+2;
should work now. The unset needs to come first else it destroys some of the required variables that were set up in last10config.php
Hope that hasn't defeated the point of the security fix, correct me if I am wrong please, Brad.loo or someone else!

Meza
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01163 seconds
  • Memory Usage 1,767KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete