Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-10021

"Find a member" generates SQL error when large dates are entered

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.8
    • Fix Version/s: 3.0.9-RC1
    • Component/s: ACP
    • Labels:
      None
    • Environment:
      PHP 5.1.6 Mysql 5.0.77 (CentOS 5.5 Build)

      Description

      Entering an invalid date (20111-02-03 in this case) into the "Find a member" search forms "joined" input element results in SQL query error (General Error) copied below.

      General Error
      SQL ERROR [ mysqli ]

      You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 4 [1064]

      SQL

      SELECT COUNT(u.user_id) AS total_users FROM phpbb_users u WHERE u.user_type IN (0, 3) AND u.user_regdate <

      BACKTRACE

      FILE: includes/db/mysqli.php
      LINE: 163
      CALL: dbal->sql_error()

      FILE: memberlist.php
      LINE: 1263
      CALL: dbal_mysqli->sql_query()

        Issue Links

          Activity

          Hide
          rxu Ruslan Uzdenov added a comment -

          The cause of the issue is the fact that mktime () (and hence gmmktime()) can handle year values up to 2038 (at least on 32bit systems):

          The number of the year, may be a two or four digit value, with values between 0-69 mapping to 2000-2069 and 70-100 to 1970-2000. On systems where time_t is a 32bit signed integer, as most common today, the valid range for year is somewhere between 1901 and 2038. However, before PHP 5.1.0 this range was limited from 1970 to 2038 on some systems (e.g. Windows).

          PHP: mktime - Manual.

          So use of 20111 may cause the problem on some installations.
          Validation of "Joined" and "Last active" dates would be a good idea.

          Show
          rxu Ruslan Uzdenov added a comment - The cause of the issue is the fact that mktime () (and hence gmmktime()) can handle year values up to 2038 (at least on 32bit systems): The number of the year, may be a two or four digit value, with values between 0-69 mapping to 2000-2069 and 70-100 to 1970-2000. On systems where time_t is a 32bit signed integer, as most common today, the valid range for year is somewhere between 1901 and 2038. However, before PHP 5.1.0 this range was limited from 1970 to 2038 on some systems (e.g. Windows). PHP: mktime - Manual . So use of 20111 may cause the problem on some installations. Validation of "Joined" and "Last active" dates would be a good idea.
          Hide
          rxu Ruslan Uzdenov added a comment -

          Although validate_data() will be ineffective since validate_date() used in it applies ckeckdate() which allows year value between 1 and 32767 inclusive.

          Show
          rxu Ruslan Uzdenov added a comment - Although validate_data() will be ineffective since validate_date() used in it applies ckeckdate() which allows year value between 1 and 32767 inclusive.
          Hide
          bantu Andreas Fischer added a comment -

          Put the code into a function.

          Show
          bantu Andreas Fischer added a comment - Put the code into a function.
          Hide
          bantu Andreas Fischer added a comment -

          Looking at the code again, I would say there is only little gain in using a function.

          Show
          bantu Andreas Fischer added a comment - Looking at the code again, I would say there is only little gain in using a function.
          Hide
          bantu Andreas Fischer added a comment -

          Merged by Igor.

          Show
          bantu Andreas Fischer added a comment - Merged by Igor.

            People

            • Assignee:
              bantu Andreas Fischer
              Reporter:
              siosal siosal
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development