Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-11971

Validating not correctly in Spambot countermeasures

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.12
    • Fix Version/s: 3.1.7-RC1
    • Component/s: ACP
    • Labels:
      None
    • Environment:
      PHP 5.3.15, MySQL 5.5.25a, tested in Firefox, Chrome and Opera

      Description

      A member of the team in phpBB Spain, I report a possible bug, I said the following and try to translate it, but my English is not good.

      It's a rather small data validation issue in the ACP that does a lot of damage.

      In ACP > Board Configuration > Spambot countermeasures can modify registry values ​​and Maximum Attempts connection attempts and put negative values, if you leave posts that users make them subject to error logging and you try have to solve the CAPTCHA.

      Since the modules user registration settings and security settings if validating correctly.

      This possible error is in includes/acp/acp_captcha.php file, i'm not sure...

      Line 73
      set_config($config_var, request_var($config_var, $options['default']));

      Possible Fix???
      $request_config = request_var($config_var, $options['default']);
      $request_config = ($options['default'] === 0 && $request_config < 0) ? 0 : $request_config;
      set_config($config_var, $request_config);

        Attachments

          Activity

            People

            • Assignee:
              prototech prototech [X] (Inactive)
              Reporter:
              Raul [ThE KuKa] Raul Arroyo
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: