Problems with forum plugin Problems with forum plugin
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Problems with forum plugin

Started by PhotoFan, January 27, 2012, 03:39:01 PM

Previous topic - Next topic

0 Members and 3 Guests are viewing this topic.

Print
Go Down Pages1
User actions

PhotoFan

January 27, 2012, 03:39:01 PM
Hello,

My name is Paul and I am completely new to Coppermine.
I have build a website for people to share their pictures in an online community. http://www.whats-hot-nl.com/photofan
Also I installed the Forum plugin, so they can disscus technical information and other  topics.

When I or someone else using the forum try to post a new message I get a blanc page with this message:

"Array (
  • => Error Number: 1064 [1] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's mag maken. :-D Mvg, Paul ', 1327674879, '2', 'Paul', '84.80.87.182', 1, 26, ' at line 1 [2] => INSERT INTO cpg_fr_messages (icon, subject, body, poster_time, poster_id, poster_name, poster_ip, smileys_enabled, topic_id, board_id) VALUES ('icon2', 'Er is er één jarig, hoera, hoera', 'Reg, beter een dag te laat da helemaal niet! Van harte gefeliciteerd en dat je nog maar veel foto's mag maken. :-D Mvg, Paul ', 1327674879, '2', 'Paul', '84.80.87.182', 1, 26, 6) )"

    My webhost told me to reïnstall the plugin, so I did. But the problem did not disapeare.
    I really have no idea how to solve this, please help

    Regards, Paul

Αndré

#1
January 27, 2012, 03:46:35 PM
I'll check that. Seems to be a serious error in the code.

PhotoFan

#2
January 27, 2012, 03:50:35 PM
Thnx André,

I have made a test account.

Username: Test
ww: Test123

Regards, Paul

Αndré

#3
January 27, 2012, 04:18:19 PM
Obviously the input doesn't get escaped. Usually it should, as it's processed by that function:
Code Select
    function escape_str($str) {   
        if (get_magic_quotes_gpc()) {
            return $str;
        }
        if (function_exists('mysql_real_escape_string')) {
            return mysql_real_escape_string($str, $this->conn_id);
        } elseif (function_exists('mysql_escape_string')) {
            return mysql_escape_string($str);
        } else {
            return addslashes($str);
        }
    }

We have 2 options:
1. I'd need FTP access to the forum plugin directory (if you trust me) to debug what's going on. I'll give you my contact details so you can send me the login data, don't post them publicly!
2. Talk again to your webhost, tell them magic_quotes_gpc seems to work incorrectly (not recommended yet, as that's just an assumption without further tests)

PhotoFan

#4
January 27, 2012, 04:57:58 PM
André, that would be great.

If you send me youre contact details, I will send you my admin login.

Thnx, Paul

Αndré

#5
January 27, 2012, 05:04:31 PM
PM sent.

Αndré

#6
January 30, 2012, 03:51:13 PM
This part of the function will be used:
Code Select
        if (get_magic_quotes_gpc()) {
            return $str;
        }
as magic_quotes_gpc is enabled, at least that function tells that it does.


I haven't investigated if magic_quotes_gpc generally doesn't work as expected or if it's just an issue with the forum plugin. I commented out that part and everything seems to work fine now.

PhotoFan

#7
February 02, 2012, 08:57:18 AM
Hi André,

Sorry for the delay in reaction, I've had a bad flew!

Thanx for the help, For as much as I did online I did not encounter any problems so far.
It seems everything is working fine now.

Thanx from the whole PhotoFan Community  :D
Print
Go Up Pages1
User actions