Author Topic: Forum Errors  (Read 12257 times)

0 Members and 7 Guests are viewing this topic.

trust

  • Guest
Re: Forum Errors
« Reply #30 on: August 03, 2007, 10:51:31 pm »
searching appears to be fubar

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Forum Errors
« Reply #31 on: August 03, 2007, 11:02:12 pm »
Do you mean moreso than usual? SMF's searching has always been.. unpredictable.

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Forum Errors
« Reply #32 on: August 04, 2007, 03:54:17 am »
Remember, you found the exploit that allowed non-members to search and see posts in the members forum, and killed search.php.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Forum Errors
« Reply #33 on: August 04, 2007, 10:09:40 am »
Surely you mean that zorm did.

trust

  • Guest
Re: Forum Errors
« Reply #34 on: August 04, 2007, 01:03:21 pm »
I don't know it just kept returning an error when I tried searching yesterday. I didn't try it more than a few times though so maybe it's random.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Forum Errors
« Reply #35 on: August 04, 2007, 01:12:39 pm »
Well, posting the error would have been more helpful. I thought you meant that it returned crappy results, because SMF almost always returns crappy results for searches. For example, this is the first result when searching for "Canadian"...

For anybody who cares, here's the error:
DROP command denied to user 'smf'@'192.168.2.11' for table 'smf_tmp_log_search_topics'
File: /web/x86/web/forum/Sources/Search.php
Line: 1006

Why the hell does SMF need "drop" access in the database? That's just asking for a "drop table *" if somebody finds sql injection...
« Last Edit: August 04, 2007, 01:14:37 pm by iago »

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: Forum Errors
« Reply #36 on: August 04, 2007, 01:38:00 pm »
	
	
	
	
db_query("
	
	
	
	
	
DROP TABLE IF EXISTS 
{$db_prefix}tmp_log_search_topics"__FILE____LINE__);
	
	
	
	
$createTemporary db_query("
	
	
	
	
	
CREATE TEMPORARY TABLE 
{$db_prefix}tmp_log_search_topics (
	
	
	
	
	
	
ID_TOPIC mediumint(8) unsigned NOT NULL default '0',
	
	
	
	
	
	
PRIMARY KEY (ID_TOPIC)
	
	
	
	
	
) TYPE=HEAP"
falsefalse) !== false;


It's trying to drop a temporary clone table, but you won't let it.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Forum Errors
« Reply #37 on: August 04, 2007, 02:54:18 pm »
Well, I'm allowing it now. Using a temporary table sounds yucky, though, isn't there a better way to do it?

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: Forum Errors
« Reply #38 on: August 04, 2007, 07:42:38 pm »
Probably.  It's probably been changed since version 2.