[geeklog-devtalk] geeklog-devel digest, Vol 1 #511 - 1 msg

geeklog-devel-request at lists.geeklog.net geeklog-devel-request at lists.geeklog.net
Sun Feb 20 13:00:02 EST 2005




Today's Topics:

1. Re: COM_applyFilter doesn't accept negative numbers (Dirk Haun)

--__--__--

Message: 1
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] COM_applyFilter doesn't accept negative numbers
Date: Sat, 19 Feb 2005 22:37:09 +0100
Organization: Terra Software Systems
Reply-To: geeklog-devel at lists.geeklog.net

Vinny,


>If you call COM_applyFilter($var, true) you run into a problem if $var
>is negative. In that case COM_applyFilter will return 0.


Yep, I noticed this myself some time ago. Someone reported that it wasn't
possible to disable poll comments and it came down to the same problem. I
actually worked around it in admin/poll.php now.



>Notice the preg_match won't match negative numbers. This is easily
>fixed


Good catch.



>Is there any problem if we allow numbers like 4e4 to be accepted?


I couldn't see a reason for us to accept large numbers, especially not in
that notation. Couple that with an unspecified fear of allowing DoS-type
attacks in some scenarios.

In other words, there's no comprehensible reason and we should probably
be doing more sanity checks before accepting large numeric values instead.


Which reminds me of an observation from this discussion:
<http://www.geeklog.net/forum/viewtopic.php?showtopic=48299>. I tried to
figure out how Geeklog could come up with those SQL errors, and it seems if
someone tries to post a comment as a reply to a nonexistent comment ID,
we throw an SQL error. Shouldn't Geeklog catch those?

bye, Dirk


--
http://www.haun-online.de/
http://geeklog.info/

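Added illustration of the filter behaviour discussed in the message above (this is not Geeklog's code; the function names and the magnitude bound are assumptions): an unsigned-digits-only check that turns -1 into 0, beside a version that accepts signed integers but still refuses exponent notation such as 4e4 and oversized values.

```python
import re

# Constructed example, not Geeklog's COM_applyFilter. It mirrors the reported
# behaviour: a numeric filter whose regex only admits unsigned digit strings
# returns 0 for any negative input such as "-1".
UNSIGNED_ONLY = re.compile(r'[0-9]+')
# Fixed pattern: an optional leading minus, then ASCII digits only.
# [0-9] rather than \d so Unicode digit classes are not silently accepted.
SIGNED_INT = re.compile(r'-?[0-9]+')

# Assumed sanity bound on accepted magnitude (a 32-bit signed range).
MAX_ABS = 2**31 - 1


def legacy_numeric_filter(value):
    """Reproduce the defect under discussion: anything that is not an
    unsigned digit string, including negative numbers, collapses to 0."""
    s = str(value)
    # fullmatch avoids the regex pitfall where '$' also matches before a
    # trailing newline, so "42\n" is rejected rather than accepted.
    if UNSIGNED_ONLY.fullmatch(s):
        return int(s)
    return 0


def numeric_filter(value, max_abs=MAX_ABS):
    """Hardened variant: accept a plain signed integer within bounds.

    Exponent notation ("4e4"), hex ("0x10"), floats and whitespace-padded
    input are rejected (0) rather than interpreted, and values beyond
    max_abs are rejected too, so large numbers never reach the caller.
    """
    s = str(value)
    if not SIGNED_INT.fullmatch(s):
        return 0
    n = int(s)
    if abs(n) > max_abs:
        return 0
    return n


if __name__ == "__main__":
    for sample in ["-1", "42", "4e4", "0x10", "42\n", str(2**40)]:
        print(repr(sample), legacy_numeric_filter(sample), numeric_filter(sample))
```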

