Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Not a member yet? Click here to register.
Forgot Password?
  1. Home
  2. Discussion Forum
  3. PHPFusion 8 Support
  4. Suspected Bugs and Errors - 8
  5. Search bug

Search bug

Asked Modified Viewed 3,762 times
Back to Forum Index Previous Topic Next Topic
Print
N
noob
N
noob 10
  • Member, joined since
  • Contributed 110 posts on the community forums.
  • Started 31 threads in the forums
  • Started this discussions
asked
Member

Hi,

I've noticed a search bug in PHP-fusion. I run a gaming forum where people can ask questions about modding games. When people try to search the forum for common errors in the game, it doesn't work. For example try to search for:

Quote

GetLastError()


It doesn't work, it just shows a blank page. Is this a security issue?

I hope this can be fixed, because people really must be able to search for modding errors.

Thanks!
0 replies

6 posts

B
Basti
B
Basti 10
[PHP-Fusion Crew Member & Admin from June 2008 - December 2010]

http://basti2web.de - Support Site for my infusions
  • Veteran Member, joined since
  • Contributed 1,099 posts on the community forums.
  • Started 32 threads in the forums
answered
Veteran Member

Yes, it is for security reasons I think, but better ask someone from the dev-team if this is really necessary.
0 replies
S
SiteMaster
S
If i have touched it, it's W3C Valid
  • Senior Member, joined since
  • Contributed 305 posts on the community forums.
  • Started 15 threads in the forums
answered
Senior Member

search for GetLastError without the () and you will find what you are looking for :)
0 replies
N
noob
N
noob 10
  • Member, joined since
  • Contributed 110 posts on the community forums.
  • Started 31 threads in the forums
  • Started this discussions
answered
Member

Quote

SiteMaster wrote:
search for GetLastError without the () and you will find what you are looking for :)


Yes I know, but the users who are searching for it don't know that.
They just think the script is "broken".
Edited by noob on 16-04-2009 16:49,
0 replies
H
hame
H
hame 10
  • Senior Member, joined since
  • Contributed 423 posts on the community forums.
  • Started 44 threads in the forums
answered
Senior Member

Must be a bug i guess since a simple symbol as ( and ) shouldnt cause this error, im sure dev team will figure out a way to allow certain characters in the search function.
0 replies
— 5 months later —
B
bite
B
bite 10
  • Member, joined since
  • Contributed 163 posts on the community forums.
  • Started 5 threads in the forums
answered
Member

Don't remember what ( and ) are dangerous...
They can't cause sql injection. The only strings can cause sql injection are " and ' , others like ( ) - can't do anything until " or ' is injected. In mysql queries LIKE, GRANT, REVOKE % and _ can be abused, but they can't do much, and can be escaped.
0 replies
F
fanggaming
F
  • Junior Member, joined since
  • Contributed 43 posts on the community forums.
  • Started 3 threads in the forums
answered
Junior Member

Well the problem is in the maincore.php

line 42.

This check matches the regex and therefore stops the page running.

(eregi("\([^>]*\"?[^)]*\)", $check_url)
0 replies

Category Forum

Suspected Bugs and Errors - 8

Labels

None yet

Statistics

  • Views 0 views
  • Posts 6 posts
  • Votes 0 votes
  • Topic users 6 members

6 participants

N
N
noob 10
  • Member, joined since
  • Contributed 110 posts on the community forums.
  • Started 31 threads in the forums
  • Started this discussions
B
B
Basti 10
[PHP-Fusion Crew Member & Admin from June 2008 - December 2010]

http://basti2web.de - Support Site for my infusions
  • Veteran Member, joined since
  • Contributed 1,099 posts on the community forums.
  • Started 32 threads in the forums
H
H
hame 10
  • Senior Member, joined since
  • Contributed 423 posts on the community forums.
  • Started 44 threads in the forums
F
F
  • Junior Member, joined since
  • Contributed 43 posts on the community forums.
  • Started 3 threads in the forums
S
S
If i have touched it, it's W3C Valid
  • Senior Member, joined since
  • Contributed 305 posts on the community forums.
  • Started 15 threads in the forums
B
B
bite 10
  • Member, joined since
  • Contributed 163 posts on the community forums.
  • Started 5 threads in the forums

Notifications

Track thread

You are not receiving notifications from this thread.

Related Questions

Not yet