[Clipart] Fwd: Re: Openclipart.org shows database error

Stephan Beal stephan at wanderinghorse.net
Thu Jul 12 07:03:26 PDT 2007 

i think this should have been sent to the list, instead of just me...

----------  Forwarded Message  ----------

Subject: Re: [Clipart] Openclipart.org shows database error
Date: Thursday 12 July 2007
From: Greg Bulmash <oneminuteinspirations at gmail.com>
To: Stephan Beal <stephan at wanderinghorse.net>

Short Answer: Maybe you need to upgrade the version of Bad Behavior.

Long answer: Yanked every PHP file from the Bad Behavior 2.0.10 (most 
recent) distribution into a text editor and did a global search for 
Selects.  Found the query, but it's commented out and they've got a 
number where INF would be.

================================================

//		FIXME: This is b0rked, but why?
//		if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
//			return "c1fa729b";

		// Screen for user agent changes
		// User connected previously with blank user agent
//		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " 
WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') 
AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > 
DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
		// Damnit, too many ways for this to fail :(
//		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
//			return "799165c2"

=================================================

Last option is that INF is intended to be a constant (did not find any 
defining of INF as a constant in the 2.0.10 code, but didn't find that 
exact query either).

Problem is, INF in caps is protected in some way.

<?php

define("INF",5,true);

echo INF; // Output: INF
echo inf; // Output: 5

?>


- Greg


Stephan Beal wrote:
> Hiya!
> 
> This error has nothing to do directly with the db version, but the db 
> schema. The query clearly uses a field named INF which is not actually 
> in the db table being queried. The error says:
> 
>>>> A database error has occurred
>>>> Query: SELECT `ip` FROM `mw_bad_behavior_log` WHERE `ip` LIKE
>>>> '127.0.0.1' AND `http_response` = 403 AND `date` >
>>>> DATE_SUB('2007-07-10 22:05:19', INTERVAL INF MINUTE)
> 
> The query is just plain broken - it's refering to a field which is not 
> defined in the query. According to the docs for DATE_SUB/DATE_ADD:
> 
> 
http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html#function_date-add
> 
> INF field is used, there should a number should be. In this case it's 
> referring to a field. Normally that would be legal (assuming the field 
> is numeric), but the field doesn't exist. For example, the following 
> works:
> 
> mysql> select DATE_SUB('2007-07-10 22:05:19', INTERVAL 1 MINUTE);
> +----------------------------------------------------+
> | DATE_SUB('2007-07-10 22:05:19', INTERVAL 1 MINUTE) |
> +----------------------------------------------------+
> | 2007-07-10 22:04:19                                |
> +----------------------------------------------------+
> 1 row in set (0.08 sec)


-------------------------------------------------------

-- 
----- stephan beal
http://www.wanderinghorse.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freedesktop.org/archives/clipart/attachments/20070712/7c501943/attachment.pgp>

More information about the clipart mailing list