[MKDoc-dev] [BUG] 1.8 Excessive error messages written to apache error_log

Chris Croome chris at webarchitects.co.uk
Thu Nov 18 15:58:49 GMT 2004


Hi

On Wed 17-Nov-2004 at 05:55:53 +0000, Chris Croome wrote:
> 
> One to start with -- /.admin.userinsert -- if the null option is
> selected for the base document when adding a user (the null option is
> needed because it's not known by all users that Crtl needs to be held
> down to unselect everything) then this message is written into the
> error_log once for each document on the site (I'm testing with a big
> db so this is a _lot_ of times for me):
> 
>   Argument "" isn't numeric in numeric eq (==) at /usr/local/mkdoc-1-8/flo/plugin/Admin/UserInsert.pm line 89.

A fix for this is to make the null document option have value="0"
(document IDs start with 1), however there _should_ be more checks on
the input -- if it is changed to a alaphabetic string then another error
is generated:

  Argument "\x{63}\x{72}..." isn't numeric in addition (+) at /usr/local/mkdoc-1-8/flo/plugin/Admin/UserInsert.pm line 60.

What should happen is that the bese document value should be first
checked that it's a number and then there should be a check that it
corresponds to an existing document and if it doesn't then there should
be an error message in the user interface and not in the error logs.

At the moment this field doesn't seem to be checked for malcious content
:-/

Chris

-- 
Chris Croome                               <chris at webarchitects.co.uk>
web design                             http://www.webarchitects.co.uk/ 
web content management                               http://mkdoc.com/   


More information about the MKDoc-dev mailing list