geoffhumphrey / brewblogger

Revival of a long-neglected project. ALL code in the master branch is UNTESTED and may be full of bugs!

Phantom tasting reviews #8

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
While operating a brewblogger site on the internet, phantom tasting reviews 
will appear as bad guys inject garbage data into the review form. These show 
up as empty reviews. No server-side data validation is being done.

What version of the product are you using? On what operating system?

BrewBlogger 2.3.2 Club Edition on Linux.

Please provide any additional information below.

I made a minor change to sections/add_review.inc.php to verify the scores are 
integers, before adding a record in the database.

I have attached a patch file. Copy it to the 'sections' directory, then run the 
following command in that directory to patch the file:

patch -p1 < patchfile

I know development on 2.3.2 is essentially dead, but hope this will help others 
frustrated by this issue.

Original issue reported on code.google.com by chill...@gmail.com on 21 Jun 2011 at 9:37
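
The kind of server-side check described in the report above, as an added example. It is not the attached patch and not BrewBlogger's own code; the field names and the score range are assumptions made for illustration.

```php
<?php
// Added example: validate review scores on the server before any INSERT.
// SCORE_FIELDS and the 0..50 range are hypothetical, not BrewBlogger's schema.
const SCORE_FIELDS = ['aroma', 'appearance', 'flavor', 'mouthfeel', 'overall'];
const SCORE_MIN = 0;
const SCORE_MAX = 50;

/**
 * Returns [clean, errors]. The caller adds a database record only when
 * errors is empty, so empty or garbage submissions never become reviews.
 */
function validate_review_scores(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (SCORE_FIELDS as $field) {
        $raw = $post[$field] ?? null;
        // Non-scalar input (missing field, or aroma[]=1 sent as an array) fails outright.
        // FILTER_VALIDATE_INT returns false for '', '3.5', '7abc' and out-of-range values.
        $value = is_scalar($raw)
            ? filter_var($raw, FILTER_VALIDATE_INT, [
                'options' => ['min_range' => SCORE_MIN, 'max_range' => SCORE_MAX],
            ])
            : false;
        if ($value === false) { // strict comparison: a score of 0 is valid
            $errors[] = "$field must be an integer from " . SCORE_MIN . ' to ' . SCORE_MAX;
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Constructed sample submissions (stand-ins for $_POST).
$samples = [
    'valid'   => ['aroma' => '8', 'appearance' => '3', 'flavor' => '15',
                  'mouthfeel' => '4', 'overall' => '0'],
    'phantom' => [], // empty form post, the "empty review" case
    'garbage' => ['aroma' => '7abc', 'appearance' => ['1'], 'flavor' => '3.5',
                  'mouthfeel' => '', 'overall' => '999'],
];

foreach ($samples as $name => $post) {
    [$clean, $errors] = validate_review_scores($post);
    echo $name, ': ',
        $errors ? 'rejected (' . count($errors) . ' errors)' : 'accepted', PHP_EOL;
}
```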

GoogleCodeExporter commented 8 years ago
Original patch had issues. Here is an updated version.

Original comment by chill...@gmail.com on 22 Jun 2011 at 6:32

Attachments: