SMFHacks.com

SMF Classifieds => Support => Bugs => Topic started by: vkot on September 26, 2008, 02:32:17 am

Title: Errors in SMF's error log
Post by: vkot on September 26, 2008, 02:32:17 am
1) It seems that you must escape the single quotes, etc. in the listing title:
Quote
Hacking attempt...

INSERT INTO personal_messages
(ID_MEMBER_FROM, deletedBySender, fromName, msgtime, subject, body)
VALUES (0, 1, SUBSTRING('Σύστημα Αγγελιών', 1, 255), 1222408958, SUBSTRING('Η καταχώρηση έληξε i'm looking for drams and base............', 1, 255), SUBSTRING('Η καταχώρησή σας "i'm looking for drams and base............" έχει λήξει και αφαιρέθηκε.', 1, 65534))
Αρχείο: /xxx/xxx/xxx/public_html/forum/Sources/Subs-Post.php
Γραμμή: 809
The above error occurred when a listing expired and got deleted and a PM was sent. But as I saw in classifieds.php, every $row[title], whenever the sendpm() function is called, needs to be escaped.
While you're at it, check if there are more strings elsewhere that should be escaped.

2) Problem with index noprice:
Quote
8: Undefined index: noprice
Αρχείο: /xxx/xxx/xxx/public_html/forum/Themes/default/classifieds.template.php (listall sub template - eval?)
Γραμμή: 6335 (and line 6341)
Maybe my line numbers are different than yours (I did some template modifications), so here are the relevant lines:
Quote
               if ($modSettings['class_catlist_currentprice'] && $context['noprice'] == 0)
Quote
               if ($modSettings['class_catlist_numofbids'] && $context['noprice'] == 0)

3) Problem with index class_error_no_picture:
Quote
8: Undefined index: class_error_no_picture
Αρχείο: /xxx/xxx/xxx/public_html/forum/Sources/classifieds.php
Γραμμή: 3315
Quote
      fatal_error($txt['class_error_no_picture'],false);

4) Problem with index visual_verification:
Quote
8: Undefined index: visual_verification
Αρχείο: /xxx/xxx/xxx/public_html/forum/Themes/default/languages/Post.greek.php (addcomment sub template - eval?)
Γραμμή: 3148
Quote
   if ($context['visual_verification'] == true && $context['user']['is_guest'] == true)

5) Problem with index classifieds:
Quote
8: Undefined index: classifieds
Αρχείο: /xxx/xxx/xxx/public_html/forum/Themes/default/classifieds.template.php (search sub template - eval?)
Γραμμή: 4991
Quote
                  ', template_button_strip($context['classifieds']['buttons'], 'top'), '

6) Problem with index shipping:
Quote
8: Undefined index: shipping
Αρχείο: /xxx/xxx/xxx/public_html/forum/Sources/classifieds.php
Γραμμή: 791
Quote
   $shipping = (double) $_REQUEST['shipping'];

7) I couldn't find where exactly the error is here:
Quote
2: Invalid argument supplied for foreach()
Αρχείο: /xxx/xxx/xxx/public_html/forum/Themes/default/classifieds.template.php (search sub template - eval?)
Γραμμή: 667
Quote
         MainPageBlock($txt['class_main_recent'], 'recent');
Title: Re: Errors in SMF's error log
Post by: SMFHacks on September 26, 2008, 08:32:21 pm
1. Fixed

2. Could not find in the latest version


3. Fixed; added a language string

4. Not sure how that one occurs since it is always set.

5. Think I fixed.

6. Think I have this one fixed as well

7. Shouldn't happen unless there are no recent items
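
Added example, not part of the thread and not code from SMF or SMF Classifieds: item 1 above, reproduced with the listing title concatenated into the INSERT and then passed as a bound parameter. The table and column names follow the logged query; the in-memory SQLite database, the English message strings and the two helper functions (`insert_concatenated`, `insert_bound`) are assumptions so that it runs offline, and PDO prepared statements stand in for whatever escaping the actual fix used.

```php
<?php
// Added example: hypothetical helpers, not SMF's db_query() or sendpm().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE personal_messages (
    ID_MEMBER_FROM INTEGER, deletedBySender INTEGER, fromName TEXT,
    msgtime INTEGER, subject TEXT, body TEXT)');

// Constructed sample: the listing title from the logged query.
$title = "i'm looking for drams and base............";

// Before: the title is concatenated into the SQL text, so its apostrophe
// closes the string literal early and the statement no longer parses.
function insert_concatenated(PDO $db, string $title): bool
{
    $sql = "INSERT INTO personal_messages
        (ID_MEMBER_FROM, deletedBySender, fromName, msgtime, subject, body)
        VALUES (0, 1, 'Classifieds', " . time() . ",
        'Listing expired $title', 'Your listing \"$title\" has expired.')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        echo 'concatenated query failed: ', $e->getMessage(), "\n";
        return false;
    }
}

// After: the title travels as a bound parameter and is never parsed as SQL.
// substr() mirrors the SUBSTRING(..., 1, 255) truncation in the logged query.
function insert_bound(PDO $db, string $title): bool
{
    $stmt = $db->prepare('INSERT INTO personal_messages
        (ID_MEMBER_FROM, deletedBySender, fromName, msgtime, subject, body)
        VALUES (0, 1, :from, :time, substr(:subject, 1, 255), :body)');
    return $stmt->execute([
        ':from'    => 'Classifieds',
        ':time'    => time(),
        ':subject' => "Listing expired $title",
        ':body'    => "Your listing \"$title\" has expired.",
    ]);
}

var_dump(insert_concatenated($db, $title));
var_dump(insert_bound($db, $title));
echo $db->query('SELECT subject FROM personal_messages')->fetchColumn(), "\n";
```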