Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-11290

no validate_data for login attempts

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 3.0.11
    • Fix Version/s: 3.0.15-RC1
    • Component/s: Login
    • Labels:
      None
    • Environment:
      PHP Version 5.3.3-7+squeeze14; MySQL 5.1.63; Debian squeeze

      Description

      It seems that for login attempts - at least for username - not validated data is used. It seems that some spambots are stupid too much.
      A general error occured: General Error
      » SQL ERROR [ mysql4 ]

      Data too long for column 'username' at row 1 [1406]

      SQL

      INSERT INTO phpbb3mt_login_attempts (attempt_ip, attempt_browser, attempt_forwarded_for, attempt_time, user_id, username, username_clean) VALUES ('175.44.1.77', 'Mozilla/0.6 Beta (Windows)', '', 1356020835, 0, '[url=http://www.jacketsgukijp.com/]モンクレールダウン[/url] [url=http://www.jacketsgukijp.com/]モンクレールジャケット[/url] [url=http://www.jacketsgukijp.com/]モンクレール激安[/url] [url=http://www.shoeonsalejp.com/]ナイキ シューズ[/url] [url=http://www.shoeonsalejp.com/]ナイキ ショックス[/url] [url=http://www.shoeonsalejp.com/]ナイキ 販売[/url] [url=http://www.miumiusuzujp.com/]ミュウミュウバッグ[/url] [url=http://www.miumiusuzujp.com/]ミュウミュウショルダーバッグ[/url] [url=http://www.miumiusuzujp.com/]ミュウミュウアウトレット[/url]', '[url=http://www.jacketsgukijp.com/]モンクレールダウン[/url] [url=http://www.jacketsgukijp.com/]モンクレールジャケット[/url] [url=http://www.jacketsgukijp.com/]モンクレール激安[/url] [url=http://www.shoeonsalejp.com/]ナイキ シューズ[/url] [url=http://www.shoeonsalejp.com/]ナイキ ショックス[/url] [url=http://www.shoeonsalejp.com/]ナイキ 販売[/url] [url=http://www.miumiusuzujp.com/]ミュウミュウバッグ[/url] [url=http://www.miumiusuzujp.com/]ミュウミュウショルダーバッグ[/url] [url=http://www.miumiusuzujp.com/]ミュウミュウアウトレット[/url]')

      BACKTRACE

      FILE: (not given by php)
      LINE: (not given by php)
      CALL: msg_handler()

      FILE: [ROOT]/includes/db/dbal.php
      LINE: 754
      CALL: trigger_error()

      FILE: [ROOT]/includes/db/mysql.php
      LINE: 175
      CALL: dbal->sql_error()

      FILE: [ROOT]/includes/auth/auth_db.php
      LINE: 101
      CALL: dbal_mysql->sql_query()

      FILE: [ROOT]/includes/auth.php
      LINE: 919
      CALL: login_db()

      FILE: [ROOT]/includes/functions.php
      LINE: 3074
      CALL: auth->login()

      FILE: [ROOT]/ucp.php
      LINE: 81
      CALL: login_box()

        Attachments

          Activity

            People

            • Assignee:
              CHItA CHItA
              Reporter:
              Martin Truckenbrodt Martin Truckenbrodt
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: