MyBB Community Forums

Full Version: Ban list - SQL error
I use this plugin

https://community.mybb.com/mods.php?action=view&pid=423

However, I get this SQL error:

MyBB has experienced an internal SQL error and cannot continue.

SQL Error:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-20, 20' at line 1
Query:
SELECT * FROM mybb_banned ORDER BY dateline DESC LIMIT -20, 20

What to do? Can somebody skilled in php/mysql help me to figure it out? Thank you very much!
(2018-12-09, 05:41 PM)Eldenroot Wrote:
I use this plugin

https://community.mybb.com/mods.php?action=view&pid=423

However, I get this SQL error:

MyBB has experienced an internal SQL error and cannot continue.

SQL Error:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-20, 20' at line 1
Query:
SELECT * FROM mybb_banned ORDER BY dateline DESC LIMIT -20, 20

What to do? Can somebody skilled in php/mysql help me to figure it out? Thank you very much!

Check with @Wildcard. 

He fixed a similar issue with my Ban list, too.
Great, thank you, rep +1
@Eldenroot

There are vulnerabilities with that plugin/page. I shared a fixed copy with Serpius. Remind me when I get home tonight and I'll send it to you as well.
(2018-12-09, 06:03 PM).m. Wrote:
fix provided by Wildcard

[original plugin source code @ GitHub]

While I have your attention on this...

Is it possible to have this plugin fixed (as done by @Wildcard) and the old plugin be updated on MyBB Extend? 

I mean, all that is being done is fixing the XSS vulnerability and sanitizing the plugin, but the original author still gets credit for it.

I hate for others to keep on downloading the vulnerable plugin without realizing that there is a fix for it.
At least mark this plugin as vulnerable
done

I was supposed to have done that already, but I forgot...