[Pushed] functions_upload issues ...
#1
In our file handling function script functions_upload.php following issues are found:

function upload_avatar() : $db is declared global but never used in function.

function upload_file() : $mybb is declared global but never used in function.

function upload_attachment() : $theme & $templates are declared global but never used in function. In the same function variable $allowed_mime_types = array(); is declared, but never used. Also, this function globalizes $pid but never checks the availability of it, resulting inserting 0 value in pid column of attachment table often. $pid should be required parameter, IMO.

function add_attachments() : $editdraftpid is declared global but never used in function. In this same function, the first required parameter is $pid which is never used inside the function   Angel . PID is actually provided in function through third parameter $attachwhere.

In few functions, such as function remove_attachments() there is no fallback for unavailability of $pid not even triggering any error.

function remove_attachments() has two parameters, $pid & $posthash whereas only one is required (either of the two) to remove all attachments from a post. If you go through the codebase you will see $posthash is never provided while calling this function.
Reply
#2
You don’t have a pid while creating a post, thus the script uses a posthash.
Reply
#3
Hi,

Thank you for your report. We have pushed this issue to our Github repository for further analysis where you can track our commits and progress with fixing this bug. Discussions regarding this bug may also take place there too.

Follow this link to visit the issue on Github: https://github.com/mybb/mybb/issues/4272

Thanks for contributing to MyBB!

Regards,
The MyBB Group
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)