Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: search for nothing and get everything  (Read 6801 times)

0 Members and 1 Guest are viewing this topic.

diverdan

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
search for nothing and get everything
« on: October 03, 2006, 04:27:33 am »

in my gallery I have most of my pictures set so that you have to be a registered user to see them.  I felt all secure until I discovered that I could perform a search and return ALL the pictures in my gallery.  Without logging in I went to the search page and I used the OR option and searched for space (" ").  All the pictures in my gallery were returned.  I was then free to click around and view any of them.  Even the admin only restricted group.  I'd post a link but, well, I don't want the world viewing my gallery.
« Last Edit: October 03, 2006, 02:20:46 pm by Nibbler »
Logged

diverdan

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
Re: search for nothing and get everything
« Reply #1 on: October 03, 2006, 04:29:10 am »

oh yeah, forgot to include version info:

URL: https://svn.sourceforge.net/svnroot/coppermine/trunk/stable

Revision: 3301
Node Kind: directory
Schedule: normal
Last Changed Author: gaugau
Last Changed Rev: 3292
Last Changed Date: 2006-09-17 11:57:04 -0700 (Sun, 17 Sep 2006)
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: search for nothing and get everything
« Reply #2 on: October 03, 2006, 04:31:50 am »

Please PM me the link
Logged

diverdan

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
Re: search for nothing and get everything
« Reply #3 on: October 03, 2006, 08:15:50 am »

looks like this this code just needs some extra parentheses.

This is the sql from my " " search:

mysql> use photogallery;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> SELECT COUNT(*) FROM coppermine_pictures WHERE (title LIKE '%%' OR caption LIKE '%%' OR keywords LIKE '%%') OR (title LIKE '%%' OR caption LIKE '%%' OR keywords LIKE '%%') AND aid NOT IN (8,9,10,11,12,13,16,17,20,21,22,24,25,26,27,28,29,32,33,34,35,37,38);
+----------+
| COUNT(*) |
+----------+
|      985 |
+----------+
1 row in set (0.01 sec)

Too many results!
Here is the result when the OR's are wrapped in parentheses and then compared to AND.

mysql> SELECT COUNT(*) FROM coppermine_pictures WHERE ((title LIKE '%%' OR caption LIKE '%%' OR keywords LIKE '%%') OR (title LIKE '%%' OR caption LIKE '%%' OR keywords LIKE '%%')) AND (aid NOT IN (8,9,10,11,12,13,16,17,20,21,22,24,25,26,27,28,29,32,33,34,35,37,38));
+----------+
| COUNT(*) |
+----------+
|       87 |
+----------+
1 row in set (0.01 sec)

mysql>

Ah, the correct number.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: search for nothing and get everything
« Reply #4 on: October 03, 2006, 11:12:36 am »

I tried accessing the site (using the link you PMed me as requested), but your gallery is currently offline. I will try to replicate the issue on my testbed.
Logged

Nibbler

  • Guest
Re: search for nothing and get everything
« Reply #5 on: October 03, 2006, 02:14:27 pm »

include/search.inc.php

Code: [Select]
$sql .= implode($type, $sections);
That should be

Code: [Select]
$sql .= '(' . implode($type, $sections) . ')';
 :-[
Logged

diverdan

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
Re: search for nothing and get everything
« Reply #6 on: October 03, 2006, 04:27:45 pm »

Indeed, I took the gallery offline once I found the SQL but I just didn't have time to find the adjustment in the PHP.  Picked up the fix with an svn up.  Thanks to you both!
Logged
Pages: [1]   Go Up
 

Page created in 0.019 seconds with 19 queries.