Welcome to Geeklog, Anonymous Sunday, October 13 2024 @ 11:59 am EDT
Geeklog Forums
Problem with too long a group name
Status: offline
mystral-kk
Site Admin
Admin
Registered: 03/19/06
Posts: 100
Location:Japan
Hi all,
one of GL users in Japan reported that putting too long a name in group editor can cause a serious DB trouble. This happens with multibyte strings. Let me explain.
- You put too long a multibyte string as a name of a group into the field, which is 50 characters long.
- When the string is passed as $_PUT to PHP, it is already broken.
- The string is saved into DB at lines 464-465 (GL-1.4.1, admin/groups.php).
- Since the string is broken, the next SQL query (lines 466-467) fails and $grp_id is empty.
- Finally, SQL queries at lines 486 and 507 delete all records from the gl_access table, because $grp_id is empty.
I know this is rather a rare case, but it can cause a disastrous malfunction. How about checking the length of strings before saving them into DB?
-- mystral-kk, "Every cloud has a silver lining."
8
5
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Thanks for the report. This certainly shouldn't happen.
I've added a quick sanity check for now, but this needs more in-depth research to find out what exactly is going wrong and what we could do about it.
bye, Dirk
I've added a quick sanity check for now, but this needs more in-depth research to find out what exactly is going wrong and what we could do about it.
bye, Dirk
8
5
Quote
Status: offline
mystral-kk
Site Admin
Admin
Registered: 03/19/06
Posts: 100
Location:Japan
Thanks for the quick reply, Dirk. We hope you'll come up with a nice solution.
-- mystral-kk, "Every cloud has a silver lining."
-- mystral-kk, "Every cloud has a silver lining."
6
8
Quote
Status: offline
jmucchiello
Forum User
Full Member
Registered: 08/29/05
Posts: 985
Text Formatted Code
// line 465-8 of admin/group.phpDB_save ($_TABLES['groups'], 'grp_name,grp_descr,grp_gl_core',
"'$grp_name','$grp_descr',$grp_gl_core");
$grp_id = DB_getItem ($_TABLES['groups'], 'grp_id',
"grp_name = '$grp_name'");
The DB_getItem is the culprit. gl_groups uses an auto_incrememt primary key and as such you should be calling DB_insertId() to get that id back from the call to DB_save.
Text Formatted Code
// This code is susceptible to the same error(on line 442-4)// group names have to be unique, so check if this one exists already
$g_id = DB_getItem ($_TABLES['groups'], 'grp_id',
"grp_name = '$grp_name'");
No sure how you fix that off the top of my head. Probably need to do something like:
"grp_name = '" . substr($grp_name,0,50) . "'"
7
7
Quote
All times are EDT. The time is now 11:59 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content