BugTraq
Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
Re: phpBB 2.0.8a and lower - IP spoofing vulnerability
Apr 28 2004 09:03AM
BlueRaven (blue ravenconsulting it)
On Wed, Apr 21, 2004 at 09:10:55AM +0800, Xin LI wrote:
Hi Xin, I think there's an error in your patch:
> - if ( !$db->sql_query($sql) )
> + if ( $user_id != ANONYMOUS && !$db->sql_query($sql) )
This does NOT prevent execution of the query, only effects output of the
message:
> {
> mess...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
Hi Xin, I think there's an error in your patch:
> - if ( !$db->sql_query($sql) )
> + if ( $user_id != ANONYMOUS && !$db->sql_query($sql) )
This does NOT prevent execution of the query, only effects output of the
message:
> {
> mess...
[ more ]