Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-8917

feed.php - No values specified for SQL IN comparison

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Resolution: Fixed
    • Affects Version/s: 3.0.6
    • Fix Version/s: 3.0.7
    • Component/s: Other
    • Labels:
      None
    • Environment:
      PHP Environment:
      Database:

      Description

      ยป SQL ERROR [ mysqli ]
       
      [0]
       
      SQL
       
      No values specified for SQL IN comparison
       
      BACKTRACE
       
       
      FILE: includes/db/dbal.php
      LINE: 379
      CALL: dbal->sql_error()
       
      FILE: feed.php
      LINE: 664
      CALL: dbal->sql_in_set()
       
      FILE: feed.php
      LINE: 755
      CALL: phpbb_feed->get_sql()
       
      FILE: feed.php
      LINE: 72
      CALL: phpbb_feed->get_item()

      Error come because the array $forum_ids not checked for empty before use in this place:

      			// Now select from forums...
      			$sql = 'SELECT t.topic_last_post_id
      				FROM ' . TOPICS_TABLE . ' t
      				WHERE ' . $db->sql_in_set('t.forum_id', $forum_ids) . '
      					AND t.topic_approved = 1
      					AND t.topic_moved_id = 0' .
      					$last_post_time_sql . '
      				ORDER BY t.topic_last_post_time DESC';
      			$result = $db->sql_query_limit($sql, $this->num_items);

      To reproduce error siply get the feed.php with not exist, hidden, disabled for feed forum_id. Like this:

      feed.php?f=666

        Attachments

          Activity

            People

            • Assignee:
              bantu Andreas Fischer
              Reporter:
              nissin nissin
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: