|
10-03-2003, 09:18 AM | #1 |
Purple Mole
Join Date: Sep 2003
Location: Kassel, Germany
Posts: 119
|
double quotes crash Phpdig
+ exact words
+ "reference documentation" in quotes
Search for test
mysql_num_rows(): supplied argument is not a valid MySQL result resource on libs/search_function.php in line 164
Possible solution: In line 53, quotes and other things which crash a MySQL query must be deleted.
__________________
-Roland- :: Test PhpDig 1.6.2 here :: - :: Test-Search for (little) Intelligent Php-Dig Fuzzy :: Last edited by Rolandks; 10-03-2003 at 09:24 AM. |
10-04-2003, 02:29 PM | #2 |
Green Mole
Join Date: Sep 2003
Location: Brest - France
Posts: 22
|
Hi,
I'm not sure, but can this bug cause a critical SQL insertion with a "drop table" query? For example, if the searched words are like this:
none';drop table keywords;select * from keywords where etc...
Nicolas. |
10-05-2003, 12:52 PM | #3 |
Head Mole
Join Date: May 2003
Posts: 2,539
|
Hi. Please check and see if you can break it again. Thanks.
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension. |
10-05-2003, 01:22 PM | #4 |
Green Mole
Join Date: Sep 2003
Location: Brest - France
Posts: 22
|
Edit for Solution:
After checking, there is no possibility to include SQL code. But there is effectively a bug, as Roland said. All quotes are badly stripped. At the beginning, "reference documentation" is transformed into \"reference documentation\". At line #100 in search_function.php it's then transformed into \reference documentation\ (quotes disappear). Then each word, separated by a space, is used in a query. In Roland's case, this gives two queries with:
.... AND k.keyword like '\reference%'
and
.... AND k.keyword like 'documentation\%'
Of course, this causes MySQL to fail. IMHO, a solution could be around lines 97-103.
Thanks, Nicolas. Last edited by Iltud; 10-05-2003 at 02:37 PM. |
10-05-2003, 03:20 PM | #5 |
Head Mole
Join Date: May 2003
Posts: 2,539
|
Hi. In search_function.php find:
PHP Code:
PHP Code:
PHP Code:
PHP Code:
10-15-2003, 07:52 AM | #6 |
Orange Mole
Join Date: Oct 2003
Location: hamburg, germany
Posts: 52
|
hey, i just wanted to post that bug, but fortunately there's a solution already. great. thanks. :-)
|
10-21-2003, 02:40 PM | #7 |
Green Mole
Join Date: Sep 2003
Posts: 8
|
Thanks for the solution with the double quotes. Much appreciated. It worked for me.
|
10-24-2003, 01:40 PM | #8 |
Green Mole
Join Date: Oct 2003
Location: Los Angeles
Posts: 1
|
mysql injection possibility
I have yet to test it, but I am pretty sure anyone can inject mysql queries into the search field. Sorry I have not researched the code on my own, I am hoping someone else has already done that effort.
Also, I have written some code that allows regex searches. Is there an easy way to submit a diff? |
10-24-2003, 04:36 PM | #9 |
Head Mole
Join Date: May 2003
Posts: 2,539
|
Hi. The code eregi_replace("[^[:alnum:]^ ]+"," ",$query_to_parse); takes everything that is not a number, letter, or space and replaces it with a space. This happens before $kconds[$ncrit] is formed, where $kconds[$ncrit] is used to make the mysql query from the search field. Please do examine the code. The more eyes, the better.
The regex code sounds cool. Please post it in the Mod Submissions forum.
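The filter quoted in post #9, run over the search strings from posts #2 and #4, as an added example that is not PhpDig's code and not from any poster in this thread. Assumptions: `preg_replace` stands in for `eregi_replace` (removed in PHP 7) with the same bracket expression, the `pdo_sqlite` extension is available, and the `keywords` table, the in-memory database and both function names are hypothetical. Each word is also bound as a parameter, so the statement stays valid even if the filter is later loosened.

```php
<?php
// Added example, not PhpDig code. Constructed inputs follow posts #2 and #4.

// Same bracket expression as the eregi_replace() call quoted in post #9.
// The second ^ is a literal caret, so carets are kept as well.
function filter_query(string $raw): string
{
    $clean = preg_replace('/[^[:alnum:]^ ]+/', ' ', $raw);
    return trim(preg_replace('/ +/', ' ', $clean));
}

// Hypothetical helper: one prefix match per word, each word bound as a
// parameter so a stray quote or backslash cannot change the statement.
function search_keywords(PDO $db, string $raw): array
{
    $stmt = $db->prepare("SELECT keyword FROM keywords WHERE keyword LIKE ? ESCAPE '!'");
    $hits = [];
    foreach (explode(' ', filter_query($raw)) as $word) {
        if ($word === '') {
            continue; // nothing left after filtering
        }
        // Escape LIKE wildcards in case the filter is ever loosened.
        $word = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $word);
        $stmt->execute([$word . '%']);
        $hits = array_merge($hits, $stmt->fetchAll(PDO::FETCH_COLUMN));
    }
    return array_values(array_unique($hits));
}

// Assumed schema: an in-memory SQLite table standing in for PhpDig's keywords.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE keywords (keyword TEXT)');
$db->exec("INSERT INTO keywords VALUES ('reference'), ('documentation'), ('drop')");

$inputs = [
    '\"reference documentation\"',  // escaped form described in post #4
    "none';drop table keywords;select * from keywords where",  // post #2
];
foreach ($inputs as $raw) {
    printf("%s\n  filtered: %s\n  hits: %s\n", $raw, filter_query($raw),
        implode(', ', search_keywords($db, $raw)));
}
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM keywords')->fetchColumn(), "\n";
```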