2020-12-14, 11:55 AM
In our file handling function script functions_upload.php the following issues are found:

- function upload_avatar(): $db is declared global but never used in the function.
- function upload_file(): $mybb is declared global but never used in the function.
- function upload_attachment(): $theme & $templates are declared global but never used in the function. In the same function the variable $allowed_mime_types = array(); is declared, but never used. Also, this function globalizes $pid but never checks the availability of it, often resulting in a 0 value being inserted in the pid column of the attachment table. $pid should be a required parameter, IMO.
- function add_attachments(): $editdraftpid is declared global but never used in the function. In this same function, the first required parameter is $pid, which is never used inside the function. The PID is actually provided to the function through the third parameter $attachwhere.
- In a few functions, such as function remove_attachments(), there is no fallback for the unavailability of $pid, not even triggering any error.
- function remove_attachments() has two parameters, $pid & $posthash, whereas only one is required (either of the two) to remove all attachments from a post. If you go through the codebase you will see $posthash is never provided while calling this function.
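
The "declared global but never used" findings in the post above can be checked mechanically. The script below is an added example, not code from the post or from MyBB; the helper name find_unused_globals() and the sample function demo_upload() are constructed for illustration.

```php
<?php
// Added example (not MyBB code): list variables a function declares `global`
// but never references again, using PHP's built-in tokenizer.
// Limitation: uses via variable-variables ($$x) or compact() are not seen.
function find_unused_globals(string $source): array
{
    $tokens = token_get_all($source);
    $n = count($tokens);
    $findings = [];
    for ($i = 0; $i < $n; $i++) {
        if (!is_array($tokens[$i]) || $tokens[$i][0] !== T_FUNCTION) { continue; }
        // Read the signature up to the body's opening brace; the name is the
        // T_STRING before the parameter list (closures have none).
        $name = '{closure}';
        $sawParen = false;
        for ($j = $i + 1; $j < $n && $tokens[$j] !== '{' && $tokens[$j] !== ';'; $j++) {
            if ($tokens[$j] === '(') { $sawParen = true; }
            if (!$sawParen && is_array($tokens[$j]) && $tokens[$j][0] === T_STRING) {
                $name = $tokens[$j][1];
            }
        }
        if ($j >= $n || $tokens[$j] === ';') { continue; } // no body to scan
        $declared = []; $used = []; $depth = 0; $inGlobal = false;
        for ($k = $j; $k < $n; $k++) {
            $t = $tokens[$k];
            $id = is_array($t) ? $t[0] : null;
            // "{$var}" and "${var}" open a brace that closes with a plain '}'.
            if ($t === '{' || $id === T_CURLY_OPEN || $id === T_DOLLAR_OPEN_CURLY_BRACES) {
                $depth++;
            } elseif ($t === '}') {
                if (--$depth === 0) { break; }   // end of this function body
            } elseif ($t === ';') {
                $inGlobal = false;               // end of a `global ...;` statement
            } elseif ($id === T_GLOBAL) {
                $inGlobal = true;
            } elseif ($id === T_VARIABLE) {
                if ($inGlobal) { $declared[$t[1]] = $t[2]; } else { $used[$t[1]] = true; }
            }
        }
        foreach ($declared as $var => $line) {
            if (!isset($used[$var])) {
                $findings[] = "$name(): $var declared global on line $line but never used";
            }
        }
    }
    return $findings;
}
// Constructed sample input: a hypothetical function, not taken from functions_upload.php.
$sample = "<?php\nfunction demo_upload(\$file)\n{\n    global \$db, \$mybb, \$pid;\n"
        . "    \$pid = (int)\$pid;\n    return \$mybb->settings['example_dir'] . \"/{\$file['name']}\";\n}\n";
foreach (find_unused_globals($sample) as $finding) { echo $finding, PHP_EOL; }
```

To scan a real file, pass file_get_contents() of its path instead of the constructed $sample string.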