Discuss: MyBB 1.2.4 Released - Important Security Update
#35
I wonder about the quality of the provided patch:

* Why should a function (get_ip) that has absolutely nothing to do with database access use the function $db->escape_string?
* Why do you leave space characters in the IP address?
* Why is escape_string necessary at all, after you have filtered out everything except [0-9. ]?

Roland
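The distinction the questions above draw, as an added example that is not part of the original post and is not MyBB's patch: a character filter of the kind described (keep only `[0-9. ]`) next to strict validation of an IPv4 address. The function names and sample inputs are hypothetical, constructed for illustration.

```php
<?php
// Added illustration; not MyBB's code. Function names are hypothetical.

// Character filter of the kind the post describes: drop everything
// except digits, dots and spaces. It cleans characters but does not
// check that the result is actually an IP address.
function filter_ip_chars(string $raw): string
{
    return preg_replace('/[^0-9. ]/', '', $raw);
}

// Strict validation: accept only a well-formed IPv4 address, otherwise
// return a fixed fallback. No database function is involved here;
// escaping or parameter binding belongs where the query is built.
function validate_ipv4(string $raw, string $fallback = '0.0.0.0'): string
{
    $candidate = trim($raw);
    $valid = filter_var($candidate, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    return $valid === false ? $fallback : $valid;
}

// Constructed sample header values.
$samples = [
    '192.0.2.10',               // well-formed address
    '192.0.2.10, 198.51.100.7', // list of addresses in one header
    'x192.0.2.10y',             // stray characters around an address
    '999.1.1.1',                // right characters, octet out of range
    '. . .',                    // right characters, no address at all
];

foreach ($samples as $raw) {
    printf(
        "%-28s filter=%-28s strict=%s\n",
        json_encode($raw),
        json_encode(filter_ip_chars($raw)),
        validate_ipv4($raw)
    );
}
```

Only the first sample passes strict validation; the filter returns a non-empty string for all five, including values with embedded spaces that are not addresses.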


Messages In This Thread
RE: Discuss: MyBB 1.2.4 Released - Important Security Update - by rillig - 2007-04-04, 08:14 AM
