MyBB Community Forums

Scenario: Login required, bots trying to crawl, DotBot specifically making requests for forum thread that doesn't exist. That's how it was noticed.
Error log is flooded with these, 1 second apart. Now, there's a robot.txt file in place.

Easy to recreate, whether logged in or not.
https://yourdomain.com/forum/showthread.php?tid=130028
Or, any tid which is not valid.

<error>
    <dateline>1676639865</dateline>
    <script>inc/class_session.php</script>
    <line>603</line>
    <type>2</type>
    <friendly_type>Warning</friendly_type>
    <message>Trying to access array offset on value of type bool</message>
    <back_trace>#0  errorHandler->error() called at [/inc/class_error.php:153]
#1  errorHandler->error_callback() called at [/inc/class_session.php:603]
#2  session->get_special_locations() called at [/inc/class_session.php:526]
#3  session->create_session() called at [/inc/class_session.php:412]
#4  session->load_guest() called at [/inc/class_session.php:116]
#5  session->init() called at [/global.php:49]
#6  require_once() called at [/showthread.php:28]
</back_trace>
</error>

Laird Wrote:My suggestion? Change lines 602 and 603 of inc/class_sessions.php from:
            $thread = get_thread($array[2]);
            $array[1] = $thread['fid'];

to:
            $thread = get_thread($array[2]);
            if ($thread) {
                $array[1] = $thread['fid'];
            }
Of course, you might want to check your server access log anyway to see what the exact URL was, so that you can confirm that the above fixes it.

Suggestion followed, warning messages cleared. Server access log verified it was requests for invalid thread.

There is also a pre-emptive suggestion, which I have taken.
I trust the source.

Laird Wrote:OK. Probably, it would also be worth editing lines 598 and 599 above that from:
$post = $db->fetch_array($query);
$array[2] = $post['tid'];

to:
$post = $db->fetch_array($query);
if ($post) {
$array[2] = $post['tid'];
}
If you confirm the first fix, then you might want to share both to your Community thread.

Thanks buddy, you're the best.

---

Further, if a request is made in showthread for an invalid pid, it throws a
Warning [2] Undefined array key "pid" - Line: 41 - File: showthread.php PHP 8.0.28 (Linux)

Fixed by changing the isset($style) on line 41 to !empty($style).
(Because it is set, but to an empty array).

Got to stop looking for valid ways to throw errors!
Thank you Laird for some real-time sleuthing. I'm learning a lot.

HLFadmin - what is valid? I will create a PR... thx!

Cannot recreate the warning in the second part.

Confirmed that first part of the OP still occurs.

<error>
	<dateline>1694416571</dateline>
	<datetime>2023-09-11 07:16:11 UTC -0500</datetime>
	<script>inc/class_session.php</script>
	<line>603</line>
	<type>2</type>
	<friendly_type>Warning</friendly_type>
	<message>Trying to access array offset on value of type bool</message>
	<back_trace>#0  errorHandler->error() called at [/inc/class_error.php:153]
#1  errorHandler->error_callback() called at [/inc/class_session.php:603]
#2  session->get_special_locations() called at [/inc/class_session.php:496]
#3  session->update_session() called at [/inc/class_session.php:330]
#4  session->load_user() called at [/inc/class_session.php:91]
#5  session->init() called at [/global.php:49]
#6  require_once() called at [/showthread.php:28]
</back_trace>
</error>

Find beginning line 599

				$array[2] = $post['tid'];
			}

			$thread = get_thread($array[2]);
			$array[1] = $thread['fid'];

and replace with

				if($post){	//core edit, added
				$array[2] = $post['tid'];
				}		// core edit, added
			}

			$thread = get_thread($array[2]);
			if($thread){	// core edit, added
			$array[1] = $thread['fid'];
			}		// core edit, added