There seems to be a problem on my WSN Links system (5.1.53) - Someone has managed to submit a new category (although submissions of new categories is set not to be permitted for the userlevel) and place a link listing in the category. When I approved it, it didn't show up, which alerted me to a problem. After some searching I located the new link submission and found that it had been placed in a new category called something random like 'sean's link listing' - when I went to edit this, I tried deleting the category and moving the listing but the category still shows up. The actual link shows up as the primary category being 'admin's link collection' - and there is no choice to select anything else. When I hard deleted the link I now get the following errors if I try to access the link again to check it's gone:
Error occurred at /links/link.php?action=detail&id=10095 on 2010-11-28 00:31:53. Error text: Error #2: 'mysql_num_rows(): supplied argument is not a valid MySQL result resource' in /links/databases/mysql.php on line 79. Last SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND validated=1 AND hide=0 ORDER BY title ASC' at line 1
Error occurred at /links/link.php?action=detail&id=10095 on 2010-11-28 00:31:53. Error text: Error #2: 'mysql_num_rows(): supplied argument is not a valid MySQL result resource' in /links/databases/mysql.php on line 79. Last SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND invisibleto NOT LIKE '%|3|%') AND effectivetime < 1290904311 AND alias=0 AND' at line 1
I'm worried that security of the links and database system has been compromised, whether it is a WSN links problem or a database problem of some sort (perhaps the database disconnected during submission?) and also wondering if this problem can therefore be securely fixed?
At Admin -> Settings -> Switches you must've enabled "Member links list". This allows people to create personal link lists, not part of your standard category structure but they act as categories. Somebody added something to their link list.
When you attempt to edit somebody else's personal list it will show it as being in your own because it assumes only a list owner edits their own list.
Now checking on the ability of an admin to delete those.
I didn't see a problem hard-deleting, it's no longer listed in the personal list after I delete. If you try to re-access the details page of a hard-deleted listing though you will get an error since it doesn't exist.
Thanks for your replies - I took a look at the switches - 'member links lists' wasn't checked, but 'Saved links' was. Could this have been the problem? In case, I have de-activated it. Also 'Allow claiming links' was checked - have un-checked that too.
Would it be safe to come out of maintenance mode, and will the database be ok?
The saved links system is different and couldn't be involved. There's no way that allow claiming links could be involved either. I see it's allowing people who manually write out the URL to add to their personal list even when the system is off. I'll change that in the next release so they can't.
Not sure what you mean by maintenance mode or the database being ok. There's nothing significant going on, just some person or bot pointlessly doing what's allowed on many sites but wasn't meant to be allowed on yours.
0/5
1
2
3
4
5
Sorry, you don't have permission to post posts. Log in, or register if you haven't yet.
Comments on Problem with categories and new link submission
Member
Usergroup: Customer
Joined: Nov 19, 2003
Total Topics: 21
Total Comments: 35
Hi
There seems to be a problem on my WSN Links system (5.1.53) - Someone has managed to submit a new category (although submissions of new categories is set not to be permitted for the userlevel) and place a link listing in the category. When I approved it, it didn't show up, which alerted me to a problem. After some searching I located the new link submission and found that it had been placed in a new category called something random like 'sean's link listing' - when I went to edit this, I tried deleting the category and moving the listing but the category still shows up. The actual link shows up as the primary category being 'admin's link collection' - and there is no choice to select anything else. When I hard deleted the link I now get the following errors if I try to access the link again to check it's gone:
Error occurred at /links/link.php?action=detail&id=10095 on 2010-11-28 00:31:53. Error text: Error #2: 'mysql_num_rows(): supplied argument is not a valid MySQL result resource' in /links/databases/mysql.php on line 79.
Last SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND validated=1 AND hide=0 ORDER BY title ASC' at line 1
Error occurred at /links/link.php?action=detail&id=10095 on 2010-11-28 00:31:53. Error text: Error #2: 'mysql_num_rows(): supplied argument is not a valid MySQL result resource' in /links/databases/mysql.php on line 79.
Last SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND invisibleto NOT LIKE '%|3|%') AND effectivetime < 1290904311 AND alias=0 AND' at line 1
I'm worried that security of the links and database system has been compromised, whether it is a WSN links problem or a database problem of some sort (perhaps the database disconnected during submission?) and also wondering if this problem can therefore be securely fixed?
Many thanks for your help
Kind regards
Trevor.
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7867
At Admin -> Settings -> Switches you must've enabled "Member links list". This allows people to create personal link lists, not part of your standard category structure but they act as categories. Somebody added something to their link list.
When you attempt to edit somebody else's personal list it will show it as being in your own because it assumes only a list owner edits their own list.
Now checking on the ability of an admin to delete those.
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7867
I didn't see a problem hard-deleting, it's no longer listed in the personal list after I delete. If you try to re-access the details page of a hard-deleted listing though you will get an error since it doesn't exist.
Member
Usergroup: Customer
Joined: Nov 19, 2003
Total Topics: 21
Total Comments: 35
Hi
Thanks for your replies - I took a look at the switches - 'member links lists' wasn't checked, but 'Saved links' was. Could this have been the problem? In case, I have de-activated it. Also 'Allow claiming links' was checked - have un-checked that too.
Would it be safe to come out of maintenance mode, and will the database be ok?
Thank you for your help.
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7867
The saved links system is different and couldn't be involved. There's no way that allow claiming links could be involved either. I see it's allowing people who manually write out the URL to add to their personal list even when the system is off. I'll change that in the next release so they can't.
Not sure what you mean by maintenance mode or the database being ok. There's nothing significant going on, just some person or bot pointlessly doing what's allowed on many sites but wasn't meant to be allowed on yours.