Undefined index: REDIRECT_QUERY_STRING & Incorrect string: '''' for inet_aton

Kindred · April 11, 2023, 02:53:11 PM

rotfl....

ok, well, see, now we get to it.
1- your previous posts were rambling and useless to the point that only now does your explanation START to make sense. I do indeed see the error thanks to your attempt to spam my test site.
2- This is not a vulnerability. Sure, I guess someone might spam the error log, like you did on my test site... but that's it...
3- However, GUESS WHAT - there's a simple fix!!
As I have said, several times now... upgrade to 2.1.x. That version no longer triggers an error - and 2.0.x is not receiving any updates other than security updates (and this is not a security issue)

Aleksi "Lex" Kilpinen · April 11, 2023, 02:57:12 PM

I'm not at all sure I'd call ability to create an error in your log a "vulnerability".
Also, Simple Portal is a mod - Issues with mods should be handled with the mod authors.
Lastly, I believe inet_aton is purely an ipv4 function and if you are seeing errors from it, the most likely cause is that ipv6 is not working "perfectly fine" in all situations but is ending up handled by ipv4 routines somewhere.

dodos26 · April 11, 2023, 03:56:07 PM

2. Nope!
This may be a problem, I don't know about security but I know that something that can be without restrictions / container, saved and displayed causes a serious security error first thing that comes to mind is an iframe that may cause transferring the administrator's ip, who knows maybe even session number and this is already a big threat. We are in the 2.0 support table and expect support to 2.0. Saying install 2.1 is like telling someone who uses windows to install linux...

Aleksi "Lex" Kilpinen
Yeah bro note that it wasn't until later that I found out that simple portal was having problems with custom redirection.

Why dont use inet_pton or INET6_ATON (that work also for ip normal) and why
'IFNULL(INET_ATON(\'' . $user_info['ip'] . '\'), 0)'
and what is \ 'IFNULL(INET_ATON(\'' . $user_info['ip'] . '\'), 0)'

Could this quality workaround or fix the problem?

Arantor · April 11, 2023, 03:59:42 PM

Because the problem isn't as simple as just switching to the other function. IPv6 addresses are larger; you need to upgrade to ensure the database is properly converted to allocate more space for IPv6 addresses (and also ensure that all the related functionality is also upgraded)

Kindred · April 11, 2023, 04:06:29 PM

No, telling you to upgrade smf versions is like telling someone who continued to use windows 98 and had problems on that ancient platform that they really should upgrade to windows 10

Arantor · April 11, 2023, 04:13:07 PM

Even that's a reference that's passing; Windows 10 goes out of mainstream support in 2025, we're getting there...

Steve · April 12, 2023, 07:27:22 PM

I believe this has gone on long enough. Question asked, solution provided (several times).

Locking.

@Kindred or Lex - by all means, unlock if you don't think it should have been.

dodos26 · April 13, 2023, 11:15:21 AM

https://www.simplemachines.org/community/index.php?topic=585618.0
No solution to the requested problem was provided.
No solution to the requested problem was provided.
No solution to the requested problem was provided.

Why is my topic the only one of all topics in this section that has been closed.

Aleksi "Lex" Kilpinen · April 13, 2023, 11:18:41 AM

You were offered a solution, not our problem if you reject it.

Merged. Lock stays.

News:

Undefined index: REDIRECT_QUERY_STRING & Incorrect string: '''' for inet_aton