Vanilla: Attempting to access IDs out of range results in parse errors

1 to 4 of 4

Sep 14th 2007

Accessing urls with database IDs out of range or not allowed for the user's permissions results in parse errors when Vanilla is on PHP 5 installations.

Sample URLs: Vanilla/account.php?u=999999
Vanilla/comments.php?DiscussionID=999999

http://lussumo.com/community/discussion/6271/notice-trying-to-get-property-of-nonobject/

Dinoboff

Sep 16th 2007

For the account page:

replace line 51-55 by:

	if ($AccountUser) {
		if ($AccountUser->UserID == $Context->Session->UserID) {
			$Context->PageTitle = $Context->GetDefinition("MyAccount");
		} else {
			$Context->PageTitle = $AccountUser->Name;
		}
	} else {
		$Context->PageTitle = $Context->GetDefinition("ErrUserNotFound");
	}


replace line 78 by:<code>		if ( $AccountUser
			&& $AccountUser->UserID == $Context->Session->UserID
		) {

Dinoboff

Sep 16th 2007 edited

Both are fixed. For both, it check the discussion or user object is successfully created.
Vanilla r625

Should it set the statut code to 404?

WallPhone

Sep 17th 2007

Probably a good idea--although it should return a 403 if the user doesn't have permission or capability to view the discussion.

Actually, on second thought returning a 404 or 403 might be a bad idea if something somewhere catches it and modifies the output to a generic error (like ErrorDocument in Apache, or 'Friendly HTTP error messages' in IE)

1 to 4 of 4

Issue information

Vanilla 1.1.5 is a product of Lussumo. More Information: Documentation, Community Support.

Lussumo Bug Tracker

Vanilla: Attempting to access IDs out of range results in parse errors

Issue information

No assigned user