Sourcebans Settings page not working #499

Closed
josegoncalvestorres opened this issue Aug 8, 2018 · 2 comments


@josegoncalvestorres

What are the steps to reproduce this issue?

  1. Install Sourcebans 1.7 (Latest version here on GitHub)
  2. Go to the settings of sourcebans

What happens?
It gives me this error and doesn't let me edit anything.

What were you expecting to happen?

Any logs, error output, etc.?

http://prntscr.com/kgac91
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''30'' at line 4' in /var/www/html/novo/includes/Database.php:77 Stack trace: #0 /var/www/html/novo/includes/Database.php(77): PDOStatement->execute() #1 /var/www/html/novo/includes/Database.php(82): Database->execute() #2 /var/www/html/novo/includes/Log.php(40): Database->resultset() #3 /var/www/html/novo/pages/admin.settings.php(93): Log::getAll(0, '30', '') #4 /var/www/html/novo/includes/page-builder.php(126): require_once('/var/www/html/n...') #5 /var/www/html/novo/index.php(37): build('SourceBans++ Se...', '/admin.settings...') #6 {main} thrown in /var/www/html/novo/includes/Database.php on line 77

Any other comments?
No

What versions of software are you using?

Operating System: Debian 8
SourceBans++ Version: 1.6.3 (But it shows 1.7 on footer)
PHP Version: 5.6
MySQL Version: 5.5.60-0+deb8u1 - (Debian)
Link to your project:
Link to a phpinfo() output:

@CrazyHackGUT
Contributor

CrazyHackGUT commented Aug 8, 2018

```php
public static function getAll($start, $limit, $search = null)
{
    $query = "SELECT ad.user, l.* FROM `:prefix_log` AS l
              LEFT JOIN `:prefix_admins` AS ad ON l.aid = ad.aid
              :search ORDER BY l.created DESC
              LIMIT :start, :lim";
    $query = str_replace(':search', filter_var($search, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES), $query);
    self::$dbs->query($query);
    self::$dbs->bind(':start', $start, \PDO::PARAM_INT);
    self::$dbs->bind(':lim', $limit, \PDO::PARAM_INT);
    return self::$dbs->resultset();
}
```

Dumb query build.
On some PHP versions, PDO adds quotes to the query anyway.

Also, I don't understand why :search is added with str_replace when we can just bind this param.

@josegoncalvestorres
Author

But how can I fix it?

@Groruk Groruk closed this as completed in 93e1092 Aug 9, 2018
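
One way to address both points raised in the comment above, as an added example (not SourceBans++ code and not the change made in 93e1092): convert `$start`/`$limit` to validated integers before binding them with `PDO::PARAM_INT`, and bind the search term instead of splicing it into the SQL with `str_replace`. It uses plain PDO against an in-memory SQLite database so it runs offline; the function name, the `sb_` table names and the `message` column are assumptions.

```php
<?php
// Added example, not SourceBans++ code. Function name, table names and the
// `message` column are assumptions; the sample rows are constructed.

function get_log_entries(PDO $pdo, $start, $limit, $search = null)
{
    // Callers pass strings such as '30' (see the stack trace in the report).
    // Validate and convert to real integers so nothing quoted reaches LIMIT.
    $start = filter_var($start, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    $limit = filter_var($limit, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($start === false || $limit === false) {
        throw new InvalidArgumentException('start/limit must be integers in range');
    }

    // The WHERE clause is fixed text; only the search term is data, and it is bound.
    $hasSearch = is_string($search) && $search !== '';
    $where = $hasSearch ? "WHERE l.message LIKE :term ESCAPE '!'" : '';
    $stmt = $pdo->prepare(
        "SELECT ad.user, l.* FROM sb_log AS l
         LEFT JOIN sb_admins AS ad ON l.aid = ad.aid
         $where ORDER BY l.created DESC
         LIMIT :start, :lim"
    );
    if ($hasSearch) {
        // Escape LIKE wildcards so the input is matched literally.
        $term = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $search);
        $stmt->bindValue(':term', "%$term%", PDO::PARAM_STR);
    }
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE sb_admins (aid INTEGER, user TEXT)");
$pdo->exec("CREATE TABLE sb_log (lid INTEGER, aid INTEGER, message TEXT, created INTEGER)");
$pdo->exec("INSERT INTO sb_admins VALUES (1, 'admin')");
$pdo->exec("INSERT INTO sb_log VALUES (1, 1, 'Settings updated', 100), (2, 1, '100% done', 200)");

// Same argument shapes as in the report: limit as the string '30', empty search.
var_dump(count(get_log_entries($pdo, 0, '30', '')));
// A search term containing quotes and wildcards is treated purely as data.
var_dump(count(get_log_entries($pdo, '0', '30', "%' OR 1=1")));
```

On MySQL, setting `PDO::ATTR_EMULATE_PREPARES` to `false` on the connection makes the driver use native prepared statements, so placeholder values are not substituted into the SQL text as quoted strings.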