phpBB3 / PHPBB3-13617

Bot session continuation with invalid f= query parameter causes SQL error

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.13-PL1, 3.1.3
    • Fix Version/s: 3.0.14-RC1, 3.1.4-RC1
    • Component/s: Sessions
    • Labels: None

      Description

      session_begin() and session_create() call session_update(), or in 3.0 simply run an SQL UPDATE query. This query is wrapped in return_on_error statements in session_begin() to avoid issues with a 3.0.2 update that modified the schema of the phpbb_sessions table. The session_create() call does not use return_on_error; it is only used to update bot sessions.

      The session_forum_id column is updated with the f query parameter cast to integer. However, this may exceed the allowed values if either a negative parameter (f=-1) or an integer that is too big (f=2147483647) is specified. In this case MySQL returns "Out of range value for column 'session_forum_id' at row 1" because we enable strict mode in the MySQL DBAL.

      • (3.1+ only) We should look into whether we can avoid using return_on_error for the UPDATE query to become aware of actual SQL errors.
      • (3.1+ only) We should move return_on_error treatment into the update function itself so it is dealt with in the same way in all places.
      • We should limit the values for the f parameter to allowed values for the table column.
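
      The third point above, sketched as an added example; this is not phpBB's code and not the fix from the linked pull request. The helper int_for_column() and the range table are hypothetical, and the code assumes 64-bit PHP and that session_forum_id is a MEDIUMINT UNSIGNED column. It goes beyond the single column in the report by covering the other MySQL integer types as well.

```php
<?php
// Added example, not phpBB code.
// Inclusive value ranges of MySQL integer column types (BIGINT omitted).
const MYSQL_INT_RANGES = [
    'tinyint'            => [-128, 127],
    'tinyint unsigned'   => [0, 255],
    'smallint'           => [-32768, 32767],
    'smallint unsigned'  => [0, 65535],
    'mediumint'          => [-8388608, 8388607],
    'mediumint unsigned' => [0, 16777215],
    'int'                => [-2147483648, 2147483647],
    'int unsigned'       => [0, 4294967295],
];

/**
 * Hypothetical helper: return $raw as an integer only if it fits the given
 * column type, otherwise return $default. Unlike a plain (int) cast, the
 * result can never trigger "Out of range value" under MySQL strict mode.
 */
function int_for_column($raw, string $column_type, int $default = 0): int
{
    if (!isset(MYSQL_INT_RANGES[$column_type])) {
        throw new InvalidArgumentException("Unknown column type: $column_type");
    }
    [$min, $max] = MYSQL_INT_RANGES[$column_type];

    // FILTER_VALIDATE_INT returns false for arrays, non-numeric strings,
    // values that overflow a PHP int, and values outside min_range/max_range.
    // It is stricter than (int): "12abc" is rejected instead of becoming 12.
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);

    return ($value === false) ? $default : $value;
}

// Constructed sample values for the f= parameter; the first two are the
// ones named in the report, the others are a valid id and a malformed one.
foreach (['-1', '2147483647', '42', '12abc'] as $f) {
    // Assumption: session_forum_id is MEDIUMINT UNSIGNED.
    printf("f=%s -> %d\n", $f, int_for_column($f, 'mediumint unsigned'));
}
```

      Falling back to a default rather than clamping to the nearest bound keeps an out-of-range f from being recorded as a real forum id.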

        Activity

        naderman Nils Adermann added a comment - Ascraeus fix at https://github.com/phpbb/phpbb/pull/3444
        bantu Andreas Fischer added a comment - - edited

        Isn't this part of a larger issue where all integer input should be checked for fitting columns?


          People

          • Assignee: naderman Nils Adermann
          • Reporter: naderman Nils Adermann