[fixed] Memberlist Bug


Logician
Wed 4th Sep '02, 8:42pm
Here is another bug I caught:

In memberlist.php the $perpage variable does not have an upper limit check against malicious value assignment by the user. That is, any user can set this variable to a very high value and bring the server to its knees by creating a very server-intensive process.

Here is the fix for this bug:
Edit memberlist.php, find:
if (intval($perpage)==0) {

Replace it as:
if (intval($perpage)==0 OR intval($perpage)>100) {

IMO this is an important bug which can be easily exploited and the fix is crucial.

Regards,
Logician

Steve Machol
Wed 4th Sep '02, 10:36pm
Moving to bugs to be checked by a Developer.

Scott MacVicar
Wed 4th Sep '02, 10:40pm
Just steal the code from forumdisplay.php

// set defaults
$perpage = intval($perpage);
if (empty($perpage) or $perpage>200) {
    $perpage=30;
}

DWZ
Thu 5th Sep '02, 1:17am
Originally posted by PPN
Just steal the code from forumdisplay.php

// set defaults
$perpage = intval($perpage);
if (empty($perpage) or $perpage>200) {
    $perpage=30;
}

ummmm... so whereabouts do we put that code?

Erwin
Thu 5th Sep '02, 6:37am
I assume we can use this:


// set defaults
$perpage = intval($perpage);
if (empty($perpage) or $perpage>200) {
    $perpage = $memberlistperpage;
}

John
Tue 10th Sep '02, 9:26am
Yes, that's right Erwin

DWZ
Tue 10th Sep '02, 9:28pm
Sorry, still a bit confused here. So whereabouts in the code do I put this? i.e. what line? replacing any code?

Erwin
Tue 10th Sep '02, 11:00pm
Find in memberlist.php


if (intval($perpage)==0) {
....
...
}


I can't remember what is between the { } but just replace it all.

Replace with:


$perpage = intval($perpage);
if (empty($perpage) or $perpage>200) {
    $perpage = $memberlistperpage;
}
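
Added example, not part of any post in this thread and not vBulletin's own code: the clamp discussed above as a standalone function, compared against the thread's check on constructed inputs. It goes slightly beyond the thread by also falling back to the default for negative and non-scalar values; the function names, the default of 30 and the cap of 200 are assumptions, and it targets PHP 7 or later.

```php
<?php
// Added example; function names and limits are assumptions, not vBulletin code.

// The check posted in the thread, wrapped in a function for comparison.
function thread_perpage($raw, $default = 30)
{
    $perpage = intval($raw);
    if (empty($perpage) or $perpage > 200) {
        $perpage = $default;
    }
    return $perpage;
}

// Stricter variant: only 1..$max is accepted, everything else gets the default.
function clamp_perpage($raw, int $default = 30, int $max = 200): int
{
    if (!is_scalar($raw)) {      // arrays (?perpage[]=1), null, objects
        return $default;
    }
    $n = intval($raw);           // "50abc" -> 50, "abc" -> 0
    if ($n < 1 || $n > $max) {   // zero, negative, or above the cap
        return $default;
    }
    return $n;
}

// Constructed sample inputs, as they might arrive in a request parameter.
$samples = ['25', '0', '', '999999999', '-5', 'abc', '50abc', ['1'], null];

printf("%-14s %8s %8s\n", 'input', 'thread', 'clamped');
foreach ($samples as $raw) {
    printf("%-14s %8d %8d\n", json_encode($raw), thread_perpage($raw), clamp_perpage($raw));
}
```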

Erwin
Tue 10th Sep '02, 11:01pm
Btw, DWZ, I'm located in Melbourne too. :)

DWZ
Tue 10th Sep '02, 11:24pm
hmmm... well, I think I found it. I found the code:

if (intval($perpage)==0) {
    // NUMBER OF RECORDS PER PAGE
    $perpage = $memberlistperpage;
}

then replaced it with:

if (intval($perpage)==0) {
    // NUMBER OF RECORDS PER PAGE
    $perpage = intval($perpage);
    if (empty($perpage) or $perpage>200) {
        $perpage = $memberlistperpage;
    }

but then I get this every time I go to memberlist.php

Parse error: parse error, unexpected $ in /home/dwz/public_html/forums/memberlist.php on line 234

Line 234 is just

?>

When I took out the added code for this fix it worked fine again. :confused:

Originally posted by Erwin
Btw, DWZ, I'm located in Melbourne too. :)

really? cool :) whereabouts?

Erwin
Wed 11th Sep '02, 12:52am
Notice I said REPLACE the old code with the new.

You still have


if (intval($perpage)==0) {


in the new code - just REMOVE that line. :) The parse error is because you have 2 "if" lines, with that extra "if" line and an open { without another } - just erase that line and you'll be fine.

I'm working in the Defence Plaza on Bourke Street. We had a bomb scare earlier today! Had to evacuate... gave me a fright.

DWZ
Wed 11th Sep '02, 3:28am
Originally posted by Erwin
Notice I said REPLACE the old code with the new.

You still have


if (intval($perpage)==0) {


in the new code - just REMOVE that line. :) The parse error is because you have 2 "if" lines, with that extra "if" line and an open { without another } - just erase that line and you'll be fine.

ahh, ok, sorry about that :) I thought when you said to replace that code, you only meant that bit in the middle :)

Working fine now :D

Originally posted by Erwin
I'm working in the Defence Plaza on Bourke Street. We had a bomb scare earlier today! Had to evacuate... gave me a fright

Ahh, ok, I'm over in the Box Hill area :)

Bomb scares aren't good though :S