[FIXED] search module and component issue. importante pls check

Confirmed bugs that have been Fixed - Joomla 1.0.x



[New Threads cannot be started in this forum]
Locked
cosmoarg
Joomla! Apprentice
Joomla! Apprentice
Posts: 38
Joined: Fri Sep 30, 2005 8:45 pm

[FIXED] search module and component issue. importante pls check

Post by cosmoarg » Wed Nov 28, 2007 12:50 pm

hi pals!
I know that this topic should go in security forum, but It's important, and likekly ever joomla dev reads this forums.
There is a problem whit the search component. If you for example write this string "a a a a a a a a  a" will you get a lot of html code and probably your db will crash.
I have fixed with php and js validation. If smb needs helkp pls, ask me and I'll give a hand
Mariano
Last edited by Robin on Sat Jan 26, 2008 12:13 pm, edited 1 time in total.

User avatar
dhuelsmann
Joomla! Master
Joomla! Master
Posts: 19646
Joined: Sun Oct 02, 2005 12:50 am
Location: Omaha, NE
Contact:

Re: security! search module and component issue. importante pls check

Post by dhuelsmann » Wed Nov 28, 2007 1:12 pm

cosmoarg wrote: hi pals!
I know that this topic should go in security forum, but It's important, and likekly ever joomla dev reads this forums.
There is a problem whit the search component. If you for example write this string "a a a a a a a a  a" will you get a lot of html code and probably your db will crash.
I have fixed with php and js validation. If smb needs helkp pls, ask me and I'll give a hand
Mariano
I confirmed that I get the following in 1.0.12:
Fatal error: Out of memory (allocated 526123008) (tried to allocate 780167260 bytes) in /home/kiwanisw/public_html/components/com_search/search.php on line 178
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org

User avatar
Robin
Joomla! Master
Joomla! Master
Posts: 15753
Joined: Thu Aug 18, 2005 10:41 am

Re: security! search module and component issue. importante pls check

Post by Robin » Sat Jan 26, 2008 12:13 pm

Dev note; this has been fixed in 1.0.14 RC1

Closing report


Locked

Return to “Q&T 1.0.x Resolved”