MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.4 > MyBB 1.4 General Support > ***** Syndication.php ***** SQL error *****
Full Version: ***** Syndication.php ***** SQL error *****
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Y.P.Y

2009-03-18, 06:52 AM
Hi,
Please fix this:

http://community.mybboard.net/syndicatio...imit=-9999
Domain/syndication.php?fid=8&limit=-9999
...
Thanks.

Tomm M

2009-03-18, 08:51 AM
Why would the limit be -9999?

Y.P.Y

2009-03-18, 09:09 AM
LOL. Thats saying Syndication.php IS NOT SECURE!
Why you cleaning input with mysql_real_scape_string or ...??!!
Gl.

Tomm M

2009-03-18, 10:50 AM
Undecided

I'd eat my hat if my forums got hacked with this. The limit input is actually set with intval, not m_r_e_s. Anyway, simple enough to put a check for less than 0?

else if($thread_limit < 0)
{
	$thread_limit = 20;
}
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.4 > MyBB 1.4 General Support > ***** Syndication.php ***** SQL error *****