[F] admin/settings.php: SQL options leak through into a <select> tag
#1
When I remove the /settings.php file and make the directory read-only, the settings will be retrieved from the database.

Then I call /admin/settings.php?action=change

Later, the $options variable is used in the code without initializing it properly. Therefore, the first combo box contains items for the $options that had been used in the last SQL statement, in my case "title" and "ASC".

Some further questions:
* What is the settings.php good for at all? Is it just a cache?
* Why is the code using md5($debugmode) instead of checking the value directly?

Roland


Attached Files
.txt   mybb-admin-setttings.patch.txt (Size: 1.16 KB / Downloads: 344)
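The stale-variable pattern reported in post #1, as an added example that is not part of the thread and is not MyBB's code: an array first used as query options is reused to collect `<select>` choices, once without and once with a reset. All function names, the `showsig` row and its choices are hypothetical; only the "title" and "ASC" values come from the report.

```php
<?php
// Added illustration; all names are hypothetical, not MyBB's code.

// Render a <select>, escaping every value for the HTML context.
function render_select(string $name, array $options): string
{
    $html = '<select name="' . htmlspecialchars($name, ENT_QUOTES) . '">';
    foreach ($options as $value) {
        $v = htmlspecialchars((string) $value, ENT_QUOTES);
        $html .= "<option value=\"$v\">$v</option>";
    }
    return $html . "</select>\n";
}

// Stand-in for the database call (constructed data); only the reuse of
// $options by the caller matters here.
function fetch_rows(array $options): array
{
    return [['name' => 'showsig', 'choices' => ['yes', 'no']]];
}

function build_form(bool $reset): string
{
    // Query options, as in the report: order by "title", direction "ASC".
    $options = ['order_by' => 'title', 'order_dir' => 'ASC'];
    $rows = fetch_rows($options);

    $html = '';
    foreach ($rows as $row) {
        if ($reset) {
            $options = []; // the fix: start each combo box from an empty list
        }
        foreach ($row['choices'] as $choice) {
            $options[] = $choice; // without the reset this appends to the query options
        }
        $html .= render_select($row['name'], $options);
    }
    return $html;
}

echo "without reset:\n", build_form(false);
echo "with reset:\n", build_form(true);
```

Without the reset, the rendered combo box starts with the leftover query options before the intended choices; with it, only the intended choices appear.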
#2
The md5 is there because the feature was not finished and did not make it into the MyBB 1.0 final. However, I will change the $settings[''] to $settings = array();

As for the settings.php in the inc folder, it is a prebuilt cache of settings from the settings table for better performance.
#3
This bug has been fixed in the latest code.

Please note the latest code is not live on the site or for download. An update will be released which contains this fix.

