Webmastersite.net

Problem editing comments with no title
Can this be set by a switch, not hard-coded?

Comments on Problem editing comments with no title

bsienk
Beginner

Usergroup: Member
Joined: Jun 30, 2009

Total Topics: 4
Total Comments: 8
bsienk
Posted Dec 28, 2009 - 1:57 PM:

In our installation, we are choosing not to require users to have a 'title' or subject when entering a comment. Most comments are very succinct and don't really need one.

We've discovered that when we are logged in as Admin and we wish to edit a comment, we can't. When we submit the update, we get an error message similar to the following:

Potentially dangerous query intercepted: UPDATE wsndirectory_comments SET id = '56123', linkid = '22262', (...) WHERE id=56123 -- Please report this message to the site administrator.

I've truncated the query, but you'll get the gist of it.

In looking around the code, I see that this comes from ../databases/mysql.php or ../databases/mysqli.php in a line that is hard-coded to prevent UPDATEs where the title field is empty:

if (stristr(str_replace('updated', '', str_replace('update`', '', $query)), "UPDATE") && (stristr($query, " title=''") || stristr($query, " title = ''"))) die("Potentially dangerous query intercepted: $query -- <b>Please report this message to the site administrator.</b>"); // try to catch the PF thread erasing bug

This looks like the root of our problem.

Unless I'm missing some obvious way to turn this off, I will comment this out, for now, since for us comments are not really threaded and it doesn't make a difference. However, this might get overwritten by a future software update. Would you consider making this controlled by a switch in the future?

Thanks!
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
Posted Dec 29, 2009 - 1:07 AM:

mysqli.php has the correct
if (stristr(str_replace('updated', '', str_replace('update`', '', $query)), "UPDATE") && stristr($query, '_links') && (stristr($query, " title=''") || stristr($query, " title = ''"))) die("Potentially dangerous query intercepted: $query -- <b>Please report this message to the site administrator.</b>"); // try to catch the PF thread erasing bug

and mysql.php has the version you list above, which doesn't properly restrict it to only run the check for links and not comments. Fixed mysql.php for next release.
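
As an added example (not code from the posts above or from the product itself), the two guard conditions quoted in this thread are wrapped as PHP functions and run over constructed queries, showing why the mysql.php version intercepts a comment edit with an empty title while the mysqli.php version lets it through. The function names, the wsndirectory_links table name and the message column are assumptions.

```php
<?php
// Added example: both guard conditions from the thread as functions returning
// true when the query would be intercepted (the original calls die()).

// Shared first clause: "UPDATE" still present once 'updated' and 'update`' are stripped.
function is_update_statement(string $query): bool
{
    $stripped = str_replace('updated', '', str_replace('update`', '', $query));
    return stristr($stripped, 'UPDATE') !== false;
}

function has_empty_title(string $query): bool
{
    return stristr($query, " title=''") !== false
        || stristr($query, " title = ''") !== false;
}

// mysql.php condition quoted in the first post (no table restriction).
function guard_mysql(string $query): bool
{
    return is_update_statement($query) && has_empty_title($query);
}

// mysqli.php condition quoted in the reply (also requires '_links').
function guard_mysqli(string $query): bool
{
    return is_update_statement($query)
        && stristr($query, '_links') !== false
        && has_empty_title($query);
}

// Constructed sample queries; wsndirectory_links and the message column
// are assumptions, the comments query follows the error message above.
$samples = [
    'comment, empty title' => "UPDATE wsndirectory_comments SET id = '56123', linkid = '22262', title = '' WHERE id=56123",
    'link, empty title' => "UPDATE wsndirectory_links SET title = '' WHERE id=1",
    'link, title set' => "UPDATE wsndirectory_links SET title = 'Example' WHERE id=1",
    'comment mentioning _links' => "UPDATE wsndirectory_comments SET title = '', message = 'see wsndirectory_links' WHERE id=2",
];

foreach ($samples as $label => $query) {
    printf("%-28s mysql.php=%-5s mysqli.php=%s\n", $label,
        guard_mysql($query) ? 'block' : 'pass',
        guard_mysqli($query) ? 'block' : 'pass');
}
```

The last sample shows that the '_links' test is a substring match over the whole query string, so a comment update whose data happens to contain that text is still intercepted by the restricted check.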