Can't insert MySQL commands into post

I can't post code with a MySQL command like the one below.

````
"SELECT * FROM `table` WHERE B = B"
````

When I try to post this I get an alert error:

> codoforum error undefined

edited Apr 2 at 11:20 am

Hi,

Did you get an error in this forum as well? We are not able to reproduce this issue.

Necessity is the mother of all inventions!

Nope, here it's OK as you see - the full command is sent without issue.
Maybe this code is faulty?

````
var CODOF = {
    hook: {
        // Registered hooks, keyed by hook name; each entry is a list of handlers.
        hooks: [],
        // Register func under the hook name myhook; weight and args are optional.
        add: function (myhook, func, weight, args) {
            var i = 0;
            if (typeof weight === "undefined") {
                weight = 0;
            }
            if (typeof args === "undefined") {
                args = {};
            }

            // Append after existing handlers, or create the list for a new hook name.
            if (typeof CODOF.hook.hooks[myhook] !== "undefined") {
                i = CODOF.hook.hooks[myhook].length;
            } else {
                CODOF.hook.hooks[myhook] = [];
            }

            CODOF.hook.hooks[myhook][i] = {
                func: func,
                args: args,
                weight: weight
            };
        }
    }
};
````
edited Apr 2 at 11:39 am

Hi,

The code you posted is generic code for creating and listening to hooks, so it's not related.

Can you check in the Chrome network tab (developer tools) for the request being made when you post? What response are you getting for that request?

Necessity is the mother of all inventions!

index.php?u=/Ajax/topic/edit shows me Status Code: 403

When I delete the last letter from SELECT it works OK. Some function that controls the post filter is probably catching "SELECT" as an SQL attack.
@admin or @adesh

edited Apr 10 at 6:04 pm

Thank You very very much @MESSIAH for that important report. It would be great if You would mention @admin or @adesh in important answers of posts - otherwise it can happen that such important things are overlooked.

THx again and stay healthy mate,

Andy

45 years old and still not smarter lol

Check my GitHub Repos: https://github.com/WebCrew

My CrazyMates Account: https://crazymates.de/Crazymate

Cute but Evil Community: https://cute-but-evil.de

Hi,

We are not able to replicate this in our localhost.
Is it possible that your hosting has some security filters installed in your server for all the requests?
Because codoforum does not have any filters to prevent SQL queries in posts.

Can you check if there are any errors in the PHP/server error logs?

Necessity is the mother of all inventions!

@admin
Nope, it seems to be a JavaScript alert:

![5e92a91b3c1ab](serve/attachment&path=5e92a91b3c1ab)

After I type:

```
SELECT * FROM
```

![5e92a95d3fa27](serve/attachment&path=5e92a95d3fa27)

The server probably doesn't have any mods that filter content sent by POST and interact with JavaScript. But when I type this SQL command with a typo, all data are accepted.

edited Apr 12 at 6:41 am

Hi,

Can you give us the link to your forum with a test account?

Necessity is the mother of all inventions!

> Did you get an error in this forum as well? We are not able to reproduce this issue.

Issue confirmed on my fresh install also.

![5ebbc66f39c58](serve/attachment&path=5ebbc66f39c58)

  • Codoforum 4.9.3
  • PHP 7.3.6
  • MySQL: 5.7.30
edited May 13 at 11:09 am

Hi,

Please disable the spam detector from the backend. We are planning to remove it from the forum so it will not be updated.

Necessity is the mother of all inventions!