Open-AudIT https://www.open-audit.org/phpBB3/ |
|
search.php bug https://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=1615 |
Page 1 of 1 |
Author: | francisg [ Wed Oct 25, 2006 9:10 pm ] |
Post subject: | search.php bug |
if the search query returns an empty value, search.php will display an error on line 168 due to [code] sort($result_set); [/code] before [code] $count = count ($result_set); for ($i=0; $i<$count; $i++){ [/code] this is obviously easy to fix BUT the bug i do want to ask about is regarding IP address search.php queries. i have a machine that has the ip address 172.16.10.1 and if I search for that address it returns no results. after reading the code and checking openaudit.system for net_ip_address field, i see this: [code] mysql> select net_ip_address from system; +-----------------+ | net_ip_address | +-----------------+ | 172.016.010.001 | +-----------------+ 1 rows in set (0.00 sec) mysql> [/code] so i went and read search.php and i see that since searching correctly for an IP address would require some transformation (using the function in include_functions.php called ip_trans_to() ), and as we see the 'search' sql query, it uses $search... so we cannot transform the input because we don't know first hand the nature of the query... [code] $sql .= "net_ip_address LIKE '%$search%' OR "; [/code] is search.php going to be redesign ? any design ideas or requirements? i need this functionality now so I'm going to implement my own search.php version... (search.php with an 'advanced' search option) |
Page 1 of 1 | All times are UTC + 10 hours |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |