In our installation, we are choosing not to require users to have a 'title' or subject when entering a comment. Most comments are very succinct and don't really need one.
We've discovered that when we are logged in as Admin and we wish to edit a comment, we can't. When we submit the update, we get an error message similar to the following:
Potentially dangerous query intercepted: UPDATE wsndirectory_comments SET id = '56123', linkid = '22262', (...) WHERE id=56123 -- Please report this message to the site administrator.
I've truncated the query, but you'll get the gist of it.
In looking around the code, I see that this comes from ../databases/mysql.php or ../databases/mysqli.php in a line that is hard-coded to prevent UPDATEs where the title field is empty:
if (stristr(str_replace('updated', '', str_replace('update`', '', $query)), "UPDATE") && (stristr($query, " title=''") || stristr($query, " title = ''"))) die("Potentially dangerous query intercepted: $query -- <b>Please report this message to the site administrator.</b>"); // try to catch the PF thread erasing bug
This looks like the root of our problem.
Unless I'm missing some obvious way to turn this off, I will comment this out, for now, since for us comments are not really threaded and it doesn't make a difference. However, this might get overwritten by a future software update. Would you consider making this controlled by a switch in the future?
Thanks!
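
The check quoted in the post, restated as a function that returns a boolean instead of calling die(), and run over three constructed queries to show why an admin edit of an untitled comment trips it. This is an added example, not the project's own code: the function name is_blocked_update, the $guardEnabled flag (standing in for the switch the post asks about) and the sample queries are all hypothetical.

```php
<?php
// Added example; is_blocked_update() and $guardEnabled are hypothetical names.

function is_blocked_update(string $query, bool $guardEnabled = true): bool
{
    if (!$guardEnabled) {
        return false; // hypothetical opt-out switch
    }
    // Same normalisation as the quoted line: remove "update`" and "updated"
    // (case-sensitive) so column names are not mistaken for the keyword.
    $stripped = str_replace('updated', '', str_replace('update`', '', $query));
    $isUpdate = stristr($stripped, 'UPDATE') !== false;
    // Literal substring match on an empty title assignment.
    $emptyTitle = stristr($query, " title=''") !== false
        || stristr($query, " title = ''") !== false;
    return $isUpdate && $emptyTitle;
}

// Constructed sample queries: the table name and id column come from the
// post, the other columns and all values are made up.
$samples = [
    'edit, empty title' => "UPDATE wsndirectory_comments SET id = '1', title = '', message = 'short note' WHERE id=1",
    'edit, with title' => "UPDATE wsndirectory_comments SET id = '1', title = 'Hi', message = 'short note' WHERE id=1",
    'select on updated column' => "SELECT id FROM wsndirectory_comments WHERE updated > 0 AND title = ''",
];

foreach ($samples as $label => $query) {
    printf("%-26s guard on: %-7s guard off: %s\n", $label,
        is_blocked_update($query) ? 'blocked' : 'allowed',
        is_blocked_update($query, false) ? 'blocked' : 'allowed');
}
```

Only the first query is blocked with the guard on: it is the only one that both contains the UPDATE keyword after normalisation and assigns an empty string to title.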