2014-04-20, 01:45 PM
i just got this on my forums and idk what to do ![[Image: m1UsTRA.png]](https://camo.mybb.com/704edf8e9335f50ad6469148082097ec02c53c5b/687474703a2f2f692e696d6775722e636f6d2f6d3155735452412e706e67)
any help ?
Here is my forum URL if needed http://anarchy.sx/
any help ?
Here is my forum URL if needed http://anarchy.sx/
2014-04-20, 02:08 PM
Weird?
I have never seen that mybb is not properly escaping the quote for query.
The query should be:
SELCT ........ WHERE username = 'Choopie''s Bish'..............
hmm...
You can do this Temp fix:
change username from Choopie's Bish to Choopies Bish in ACP.
You may need to visit your MySql Server if you can access ACP.
I have never seen that mybb is not properly escaping the quote for query.
The query should be:
SELCT ........ WHERE username = 'Choopie''s Bish'..............
hmm...
You can do this Temp fix:
change username from Choopie's Bish to Choopies Bish in ACP.
You may need to visit your MySql Server if you can access ACP.
2014-04-20, 02:11 PM
(2014-04-20, 02:08 PM)Cedric Wrote: [ -> ]Weird?
I have never seen that mybb is not properly escaping the quote for query.
The query should be:
SELCT ........ WHERE username = 'Choopie''s Bish'..............
hmm...
You can do this Temp fix:
change username from Choopie's Bish to Choopies Bish in ACP.
You may need to visit your MySql Server if you can access ACP.
I can't even see my members anymore though
2014-04-20, 02:11 PM
What plugins have you recently installed? Nickstyle isn't a default column AFAIK so I'm assuming it is part of a plugin and the plugin doesn't escape its database query properly (Possibly leaving it open to an SQL injection).
Personally I'd recommend you disable it as it really needs to be patched. I'm happy to take a look at fixing it for you tomorrow if you're not sure how/what needs to be done.
Personally I'd recommend you disable it as it really needs to be patched. I'm happy to take a look at fixing it for you tomorrow if you're not sure how/what needs to be done.
2014-04-20, 02:15 PM
@Choopie,
Can you guide me to your forum URL?
Can you guide me to your forum URL?
2014-04-20, 02:16 PM
(2014-04-20, 02:15 PM)Cedric Wrote: [ -> ]@Choopie,
Can you guide me to your forum URL?
here is the URL http://anarchy.sx/
all i did was change a friends name to be funny and this happened
(2014-04-20, 02:11 PM)Cameron:D Wrote: [ -> ]What plugins have you recently installed? Nickstyle isn't a default column AFAIK so I'm assuming it is part of a plugin and the plugin doesn't escape its database query properly (Possibly leaving it open to an SQL injection).
Personally I'd recommend you disable it as it really needs to be patched. I'm happy to take a look at fixing it for you tomorrow if you're not sure how/what needs to be done.
i don't have a plugin like that at all , all i did was try to change someones name
2014-04-20, 02:23 PM
(2014-04-20, 02:16 PM)Choopie Wrote: [ -> ]i don't have a plugin like that at all , all i did was try to change someones name
What plugins do you have installed then (Just a list of the ones in /inc/plugins/?). There needs to be something as nickstyle isn't a default column, nor does this issue seem to affect other copies of MyBB (I have several users with ' in their name).
2014-04-20, 02:26 PM
Go to: https://forge.dotvps.co:2083/
Login with your details,
After that:
Open phpMyAdmin
Select your Mybb database
Select "SQL"
Now type this in the box:
UPDATE
If you have a table prefix (Usually mybb_)
then use:
UPDATE
Now Run the query (Press Submit, or execute, whatever)
I hope it works
Login with your details,
After that:
Open phpMyAdmin
Select your Mybb database
Select "SQL"
Now type this in the box:
UPDATE
users SET username='ChoopieTest' WHERE username='Choopie''s Bish'If you have a table prefix (Usually mybb_)
then use:
UPDATE
TABLE_PREFIX_users SET username='ChoopieTest' WHERE username='Choopie''s Bish'Now Run the query (Press Submit, or execute, whatever)
I hope it works