Bug in the forum search

Cactus Dan (Member), posted 2010 Jul 22 at 1:12pm
Howdy,

There seems to be a bug in the forum search. I remembered starting a post asking a question about MSG_UPDATE and wanted to reread the replies. So I typed in MSG_UPDATE in the forum search looking for topics, and it listed 2 topics started by me, but when I selected either topic I get this error:

Server Error in Forum Application
WARNING: SQL Injection attack detected.
Please contact the forum administrator.

Support Error Code:- err_Access_SqlInjectionTest()
File Name:- functions_filters.asp

Error details:-


If I go back to the search and instead search for topics started by me, the 2 topics about MSG_UPDATE are included in the list, and when I click on them from that list, they're fine and I can read them.

I'm curious if the "_" character in "MSG_UPDATE" is causing a problem in the search?

Adios,
Cactus Dan

Cactus Dan (Member), posted 2010 Jul 22 at 1:20pm
Howdy,

Well, I tried other "MSG_" messages like "MSG_POINTS_CHANGED" and they seem to be fine in the search. Maybe it's just the "MSG_UPDATE" that causes the problem?

Adios,
Cactus Dan

Matthias Bober (Forum Moderator), posted 2010 Jul 22 at 11:59pm
It seems to work fine here. Please try again.

cheers,
Matthias

MAXON
developer support

spedler (Member), posted 2010 Jul 23 at 4:11am
Confirmed here. Do the search, click on a topic, and bang, server error as Dan posted.

spedler (Member), posted 2010 Jul 23 at 4:23am
A little more testing shows that this is because UPDATE is an SQL keyword. For some reason, it requires an underscore in front to cause the error. You can do a search for _SELECT or _DELETE (both SQL keywords) and get the same error. I guess any keyword will do it if it actually finds some search matches for that keyword.

Just a silly bug in the database code, I think.

Cactus Dan (Member), posted 2010 Jul 23 at 6:18am
Howdy,

Yep, the same thing happens with UNDO_DELETE. But it only affects the search when you choose to show "Topics". If you choose to show "Posts" then it's fine.

Adios,
Cactus Dan

Matthias Bober (Forum Moderator), posted 2010 Jul 23 at 6:40am
Ah, I missed the point that you had to click on one of the listed topics. I can now confirm this too.

cheers,
Matthias

MAXON
developer support

Matthias Bober (Forum Moderator), posted 2010 Jul 23 at 6:43am
I forwarded the issue.

cheers,
Matthias

MAXON
developer support

Cactus Dan (Member), posted 2010 Jul 23 at 6:48am
Howdy,

Yeah, I normally like to list the topics so I can read the entire thread.

That error has popped up before, but I thought it was just a random error.

Adios,
Cactus Dan
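
Added example, not part of the thread and not Web Wiz Forums code: a Python illustration of why a keyword blocklist of the kind spedler's tests point to rejects harmless terms such as MSG_UPDATE, next to a parameterized query that treats the search term purely as data. The blocklist rule, the table name, and the sample rows are assumptions constructed to match the reports above; the thread does not show the forum's real filter.

```python
import re
import sqlite3

# Hypothetical blocklist, constructed to reproduce the reports in the thread:
# an SQL keyword directly preceded by an underscore trips the filter.
# This is NOT the forum software's actual rule, which the thread does not show.
BLOCKLIST = re.compile(r"_(SELECT|UPDATE|DELETE|INSERT|DROP)\b", re.IGNORECASE)

def keyword_filter_rejects(term):
    """True when the blocklist would raise its 'injection detected' error."""
    return BLOCKLIST.search(term) is not None

def like_escape(term, esc="\\"):
    """Escape LIKE metacharacters so '_' and '%' match literally."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def search_topics(conn, term):
    """Parameterized search: the term is bound as data, never parsed as SQL."""
    pattern = "%" + like_escape(term) + "%"
    rows = conn.execute(
        "SELECT subject FROM topics WHERE subject LIKE ? ESCAPE '\\' ORDER BY id",
        (pattern,),
    )
    return [r[0] for r in rows]

def make_demo_db():
    """In-memory database holding constructed sample topics."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE topics (id INTEGER PRIMARY KEY, subject TEXT)")
    conn.executemany("INSERT INTO topics (subject) VALUES (?)", [
        ("Question about MSG_UPDATE",),
        ("MSG_POINTS_CHANGED not received",),
        ("UNDO_DELETE and object lifetime",),
        ("MSGXUPDATE typo in my plugin",),  # would match an unescaped '_'
        ("x'; DROP TABLE topics; --",),     # quote-bearing text stored as data
    ])
    return conn

if __name__ == "__main__":
    conn = make_demo_db()
    for term in ["MSG_UPDATE", "MSG_POINTS_CHANGED", "UNDO_DELETE",
                 "x'; DROP TABLE topics; --"]:
        print(term, "| blocklist rejects:", keyword_filter_rejects(term),
              "| parameterized hits:", search_topics(conn, term))
```

Binding the term also bears on the underscore question from the first post: `_` is a single-character wildcard in SQL LIKE, so the example escapes it to match literally instead of blocking it.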

Bulletin Board Software by Web Wiz Forums® version 9.61 [Free Express Edition]