MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > Archived Bug Reports > MyBB 1.2.2 > [F] admin/settings.php: SQL options leak through into a <select> tag
Full Version: [F] admin/settings.php: SQL options leak through into a <select> tag
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

rillig

2007-01-21, 10:37 PM
When I remove the /settings.php file and make the directory read-only, the settings will be retrieved from the database.

Then I call /admin/settings.php?action=change

Later, the $options variable is used in the code without initializing it properly. Therefore, the first combo box contains items for the $options that had been used in the last SQL statement, in my case "title" and "ASC".

Some further questions:
* What is the settings.php good for at all? Is it just a cache?
* Why is the code using md5($debugmode) instead of checking the value directly?

Roland

Ryan Gordon

2007-01-22, 01:59 AM
the md5 is there because the feature was not finished and did not make it into the mybb 1.0 final. However, I will change the $settings[''] to $settings = array();

As for the settings.php in the inc folder, it is a prebuilt cache of settings from the settings table for better performance.

Ryan Gordon

2007-01-22, 02:02 AM
This bug has been fixed in the latest code.

Please note the latest code is not live on the site or for download. An update will be released which contains this fix.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > Archived Bug Reports > MyBB 1.2.2 > [F] admin/settings.php: SQL options leak through into a <select> tag