Invision Power Board Code Bug

March 1st, 2007 at 11:37 am by Mark
Tags: , , , , , ,

     Yesterday, I was called to fix this bug, which caused a SQL error when users would go to the Stats / Leaders page:

Error:

mySQL query error: SELECT m.id, m.name, m.email, m.hide_email, m.location, m.aim_name, m.icq_number,
  f.id as forum_id, f.read_perms, f.name as forum_name, c.state
  FROM ibf_members m, ibf_categories c
  LEFT JOIN ibf_moderators mod ON((m.id=mod.member_id or (mod.is_group=1 and mod.group_id=m.mgroup)))
  LEFT JOIN ibf_forums f ON(f.id=mod.forum_id)
  WHERE c.id=f.category AND c.state != 0

mySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘mod ON((m.id=mod.member_id or (mod.is_group=1 and mod.group_id=m.mgroup)))’ at line 4

     Not too difficult to spot that first LEFT JOIN is broke … Editing the query in ~/sources/misc/stats.php, line 255, and surrounding `mod` with backticks did the job.

     Although, it’d be nice if customers would keep their software versions up-to-date…


Robinhood: Free Stocks for your Referrals!

3 Responses to “Invision Power Board Code Bug”

  1. nitr021 Says:

    Well the problem with users trying to update their ipb forum is that they have quite a lot of addons which have edits in quite a lot of pages. Some people take days to implement those to the new version. And sometimes there are big errors that pops up because the author of the mod screwed up.

  2. Mark Says:

    Security over functionality *any* day. I’d rather not have a Spam Factory running on any server I administer, which is the problem with most out-of-date Forum software … in this case, the customer’s version was more than a year old — and, to my knowledge, unmodified.

  3. nitr021 Says:

    Thats why i hate to do file edit mods. All my mods are run through the standard component or module implementation that ipb has. The only thing that the users do is just edit the settings via admincp and that is it.
    The problem with this is that the hack is limited to do certain things