2024-12-08, 10:53 PM
Hi,
Not a gamechanging bug, but data should always be validated before being pushed to the DB, right?

On the "Manage User Groups" page, where you can change the display order of the built-in groups, if you inadvertently select a negative number, there is no nice error message, it just falls on its face with an SQL error. There is no client or server side validation (and the order numeric inputs have no minimum value).
MyBB has experienced an internal SQL error and cannot continue.
SQL Error:
1264 - Out of range value for column 'disporder' at row 1
Query:
UPDATE mybb_usergroups SET `disporder`=-1 WHERE gid='3'
The same thing does happen on the forum display order page if you deliberately remove the client-side validation (minimum value) - I did this as a test to see if that was also plagued by a similar thing.
MyBB has experienced an internal SQL error and cannot continue.
SQL Error:
1264 - Out of range value for column 'disporder' at row 1
Query:
UPDATE mybb_forums SET `disporder`=-5 WHERE fid='4'
Fix:
As it's only affecting the AdminCP a simple addition of client-side validation to the user group display order inputs would likely suffice. A more belt and braces option would include server-side validation of those inputs.
Versions:
MyBB 1.8.37
PHP 7.4.33
MySQLi 11.6.2 connecting to MariaDB 11
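
One way to do the server-side check suggested in the post above, as an added example (not MyBB's own code and not part of the original post). The function name validate_disporder and the 0 to 65535 range (an unsigned SMALLINT column) are assumptions; the sample input is constructed to mirror the two failing requests.

```php
<?php
// Added example, not MyBB code. Assumption: disporder is an unsigned
// SMALLINT (0..65535); confirm against the real column definition.
const DISPORDER_MIN = 0;
const DISPORDER_MAX = 65535;

/**
 * Validate a posted map of id => display order before any query is built.
 * Returns [clean, errors]: clean maps int id => int order for accepted rows,
 * errors maps id => message for rejected rows.
 */
function validate_disporder(array $posted): array
{
    $clean = [];
    $errors = [];
    foreach ($posted as $id => $value) {
        // The row id must be a positive integer.
        $id_int = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id_int === false) {
            $errors[(string) $id] = 'invalid id';
            continue;
        }
        // Rejects negatives, out-of-range values, decimals, "1e3", empty
        // strings and nested arrays: filter_var returns false for all of them.
        $order = filter_var($value, FILTER_VALIDATE_INT, [
            'options' => ['min_range' => DISPORDER_MIN, 'max_range' => DISPORDER_MAX],
        ]);
        if ($order === false) {
            $errors[$id_int] = sprintf(
                'display order must be a whole number from %d to %d',
                DISPORDER_MIN,
                DISPORDER_MAX
            );
            continue;
        }
        $clean[$id_int] = $order;
    }
    return [$clean, $errors];
}

// Constructed sample input: ids 3 and 4 carry the values from the errors above.
$posted = ['3' => '-1', '4' => '-5', '2' => '10', '5' => '1e3', '6' => '70000'];
[$clean, $errors] = validate_disporder($posted);

foreach ($errors as $id => $message) {
    echo "id {$id}: {$message}\n"; // show a form error instead of running the UPDATE
}
echo 'accepted: ' . json_encode($clean) . "\n";
```

Only the rows in `$clean` should reach the UPDATE, and a `min` attribute on the numeric inputs remains a convenience rather than a control, since the post shows it can be removed in the browser.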