
[fixed] 2.3.0 Bug? - regimage.php



Darkshines
Sun 6th Apr '03, 2:47pm
Line 53 of regimage.php reads:

if (!ih OR !($imageinfo = $DB_site->query_first("SELECT imagestamp FROM regimage WHERE regimagehash = '" . addslashes($ih) . "'")))

Should !ih be !$ih?

Freddie Bingham
Sun 6th Apr '03, 9:38pm
It should be !$ih.

Paul
Mon 7th Apr '03, 1:56am
It should be $ih.

Just to clarify, should it be the following?:

if (!$ih OR !($imageinfo = $DB_site->query_first("SELECT imagestamp FROM regimage WHERE regimagehash = '" . addslashes($ih) . "'" )))

$ih (without the ! prefix) resulted in a broken image for us.

Best wishes,
Paul

Freddie Bingham
Mon 7th Apr '03, 3:02am
Yes !$ih, I was just emphasizing the missing $.

DWZ
Mon 7th Apr '03, 5:26am
It should be !$ih. ummm.... so what would happen if this fix wasn't applied, like what happens?

Paul
Mon 7th Apr '03, 10:16pm
ummm.... so what would happen if this fix wasn't applied, like what happens?
Your server will catch on fire. :D

Actually, it appears like a security issue. $ih seems to be some sort of hash passed on by the registration form when the image is loaded. That code will cause no image to be displayed should the ih variable not be passed along to it.

If you don't apply the fix, then the check won't work and the image will load regardless of whether or not $ih is defined.

Best wishes,
Paul

filburt1
Tue 8th Apr '03, 12:25pm
Actually I think $ih is the image handle so if creating the image handle fails for some reason it won't be detected. I don't think it can easily be exploited unless you can inject constants in via the URL.

Chen
Tue 8th Apr '03, 12:39pm
Your server will catch on fire. :D

Actually, it appears like a security issue. $ih seems to be some sort of hash passed on by the registration form when the image is loaded. That code will cause no image to be displayed should the ih variable not be passed along to it.

If you don't apply the fix, then the check won't work and the image will load regardless of whether or not $ih is defined.

Best wishes,
Paul
There is no security issue here as far as I can see. The original line reads:

if (!ih OR !($imageinfo = $DB_site->query_first("SELECT imagestamp FROM regimage WHERE regimagehash = '" . addslashes($ih) . "'")))
ih, which is treated as a string since no such constant exists, evaluates to true, so !ih will always evaluate to false. Since this is an OR conditional, you might as well ignore the first part of it since it will always be false, and you are left with:

if (!($imageinfo = $DB_site->query_first("SELECT imagestamp FROM regimage WHERE regimagehash = '" . addslashes($ih) . "'")))
Which is simply a check to see if there is an image available with the given $ih. If $ih is not passed by the form addslashes($ih) will return an empty string, and so no image will be found and the exit call will be executed - in other words, not passing $ih would cause the exact same effect with or without the !$ih check.

Not even a bug if you think about it; it doesn't change the functionality of this feature.

Freddie Bingham
Tue 8th Apr '03, 12:52pm
There is no security issue since putting the first !$ih in place is just me trying to save the query from being run if $ih isn't defined.
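The behaviour Chen and Freddie describe, as an added example that is neither from this thread nor vBulletin's own code: a stand-in for the line 53 check with a fake query function that counts how often it is called. The names fake_query_first, $queries, check_buggy and check_fixed are assumed for the demonstration; it shows that the bare ih never short-circuits, so the query runs even when no hash was supplied, while !$ih skips it, and that no image is served in either case.

```php
<?php
// Added example, not vBulletin code. Assumed names: fake_query_first() and
// $queries stand in for $DB_site->query_first().

$queries = 0;

// Stand-in for $DB_site->query_first(): counts calls and "finds" exactly one
// constructed hash, 'abc123', returning a constructed imagestamp for it.
function fake_query_first(string $sql): ?array {
    global $queries;
    $queries++;
    return (strpos($sql, "'abc123'") !== false) ? ['imagestamp' => 1049634000] : null;
}

// Buggy form, as shipped in 2.3.0. Bare "ih" is an undefined constant: on PHP < 8
// it is treated as the string "ih" (with a notice/warning), which is truthy, so
// !ih is always false and the query always runs. On PHP 8+ it throws an Error.
function check_buggy(?string $ih): bool {
    if (!ih OR !($imageinfo = fake_query_first("SELECT imagestamp FROM regimage WHERE regimagehash = '" . addslashes((string) $ih) . "'"))) {
        return false; // regimage.php would exit here: no image served
    }
    return true;
}

// Fixed form: !$ih short-circuits, so the database is never asked about an empty hash.
function check_fixed(?string $ih): bool {
    if (!$ih OR !($imageinfo = fake_query_first("SELECT imagestamp FROM regimage WHERE regimagehash = '" . addslashes((string) $ih) . "'"))) {
        return false; // same outcome as the buggy form, but without the query
    }
    return true;
}

// Run both forms with a missing hash and with the one known hash, and report
// whether an image would be served and how many queries were issued.
foreach ([null, 'abc123'] as $ih) {
    foreach (['check_buggy', 'check_fixed'] as $fn) {
        $queries = 0;
        try {
            $served = $fn($ih);
            printf("%-11s ih=%-8s served=%-5s queries=%d\n",
                $fn, var_export($ih, true), var_export($served, true), $queries);
        } catch (Error $e) {
            // Reached only on PHP 8+, where the undefined constant is fatal.
            printf("%-11s ih=%-8s threw: %s\n", $fn, var_export($ih, true), $e->getMessage());
        }
    }
}
```

On PHP 7 the buggy form reports queries=1 for the missing hash where the fixed form reports queries=0; served is false for both, which is why the thread concludes this is a wasted query rather than a security hole.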