
#3 Error when changing number of results per page

open
nobody
None
5
2012-10-29
2008-02-17
Matt Painter
No

Fez version: 2.0RC1

There is a trivial request error when changing the number of results per page on the 'Assign Unpublished Items' screen.

The URL generated is:
http://192.168.5.52/fez/my_fez.php?rows=10?rows=10&pager_row_my_assigned=0#

Note the duplicate rows=10 request parameter and, more importantly, the incorrect duplicate question-mark preceding it.

What's more concerning is that 'rows=10&rows=10' is injected into the SQL, which makes Fez open for a SQL injection attack:

SELECT SQL_CALC_FOUND_ROWS DISTINCT r1.* FROM fez_record_search_key AS r1

INNER JOIN
fez_record_search_key_ismemberof as r8 on r8.rek_ismemberof_pid = r1.rek_pid and r8.rek_ismemberof IN ('archives:2','archives:2')
WHERE r1.rek_status != 2 ORDER BY r1.rek_title DESC, r1.rek_pid DESC LIMIT 10?rows=10 OFFSET 0
)
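
One way to close both problems described in the report above, as an added example (not part of the original report and not Fez's code): the page size is accepted only if it is a plain integer within bounds before it reaches LIMIT, and the pager link is rebuilt from the parsed query string so a second "?" cannot appear. The helper names bounded_int and pager_url, the 100-row cap, and the reading of pager_row_my_assigned as a page index are assumptions.

```php
<?php
// Added example: hypothetical helpers, not Fez's own code.

/** Accept $raw only if it is a digits-only string within [$min, $max]; otherwise use $default. */
function bounded_int($raw, int $default, int $min, int $max): int
{
    // ctype_digit() passes only 0-9, so "10?rows=10" is rejected outright.
    // The length check keeps the cast below from overflowing.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return $default;
    }
    $n = (int) $raw;
    return ($n >= $min && $n <= $max) ? $n : $default;
}

/** Merge $params into the query string of $current so the link has one "?" and one value per key. */
function pager_url(string $current, array $params): string
{
    $parts = parse_url($current);
    $query = [];
    if (is_array($parts) && isset($parts['query'])) {
        parse_str($parts['query'], $query);
    }
    $path = is_array($parts) && isset($parts['path']) ? $parts['path'] : '/';
    return $path . '?' . http_build_query(array_merge($query, $params));
}

// Query string of the URL in the report: PHP parses rows as the string "10?rows=10".
parse_str('rows=10?rows=10&pager_row_my_assigned=0', $get);

$rows = bounded_int($get['rows'] ?? null, 10, 1, 100);
// Assumption: pager_row_my_assigned is a zero-based page index.
$page = bounded_int($get['pager_row_my_assigned'] ?? null, 0, 0, 100000);

// Only integers reach the SQL text; %d cannot carry anything but a number.
$tail = sprintf('ORDER BY r1.rek_title DESC, r1.rek_pid DESC LIMIT %d OFFSET %d', $rows, $page * $rows);
echo $tail, "\n";

// Link for a new page size, rebuilt from the parsed query instead of appending "?rows=".
echo pager_url('/fez/my_fez.php?rows=10', ['rows' => 25, 'pager_row_my_assigned' => 0]), "\n";
```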

Discussion

  • Matt Painter
    2008-02-17

    Logged In: YES
    user_id=485632
    Originator: YES

    File Added: Fez bugs 2.png

     
  • Matt Painter
    2008-02-17

    Example of request error

     
  • Christiaan
    2008-02-19

    Logged In: YES
    user_id=1331369
    Originator: NO

    This is something we have also noticed and will be addressed shortly.

     
  • Christiaan
    2008-02-21

    Logged In: YES
    user_id=1331369
    Originator: NO

    Actually it's mainly the SQL injection fixed in the commit below - the rows issue remains and will be resolved soon - Christiaan