MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Bugs and Issues > secure problem + fixed code
Full Version: secure problem + fixed code
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

DanielM

2014-04-15, 03:15 PM
hay Smile
i found secure issuse, you have it here too, on the url:
http://community.mybb.com/forumdisplay.p...tecut=9999

to fix it, open forumdisplay.php,
find
if(!isset($mybb->input['order']) && !empty($foruminfo['defaultsortorder']))

and add before it,
if(is_array($mybb->input['order']))
    $mybb->input['order'] = $db->escape_string(implode($mybb->input['order']));
    else
    $mybb->input['order'] = $db->escape_string($mybb->input['order']);

plz fix it on 1.6.13 (if will be..) and fix it here.

yours,
DanielM

Nathan Malcolm

2014-04-15, 03:28 PM
This isn't a security issue and people need to stop reporting them. Changing an input key from a string to an array poses no risk at all. It's just a PHP warning.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Bugs and Issues > secure problem + fixed code