Add Download problem...

blith · Client Joined: Jul 18, 2003 Posts: 977

I am adding downloads and filling in all the information, I click the add button and I am given the Thanks for your submission screen but it never shows up in the waiting download section of the admin panel. Can someone help me? Thanks.

Edit I checked the database and it is not in there either.

sixonetonoffun · Posted: Mon May 10, 2004 1:54 pm

Are the tables there? What version Nuke what files are in use (Patched files newest?) Are the database tables there?

blith · Client Joined: Jul 18, 2003 Posts: 977

The tables are there. I am using 7.2 patched (from here). thank you...

chatserv · Posted: Tue May 11, 2004 6:53 am

Do a structure-only backup of the download db tables and post it.

blith · Client Joined: Jul 18, 2003 Posts: 977

chatserv wrote:

Do a structure-only backup of the download db tables and post it.

Here is the newdownload table:

Code:

#
# Table structure for table `nuke_downloads_newdownload`
#

CREATE TABLE `nuke_downloads_newdownload` (
`lid` int(11) NOT NULL auto_increment,
`cid` int(11) NOT NULL default '0',
`sid` int(11) NOT NULL default '0',
`title` varchar(100) NOT NULL default '',
`url` varchar(100) NOT NULL default '',
`description` text NOT NULL,
`name` varchar(100) NOT NULL default '',
`email` varchar(100) NOT NULL default '',
`submitter` varchar(60) NOT NULL default '',
`filesize` int(11) NOT NULL default '0',
`version` varchar(10) NOT NULL default '',
`homepage` varchar(200) NOT NULL default '',
PRIMARY KEY (`lid`),
KEY `lid` (`lid`),
KEY `cid` (`cid`),
KEY `sid` (`sid`),
KEY `title` (`title`)
) TYPE=MyISAM AUTO_INCREMENT=7 ;

chatserv · Posted: Tue May 11, 2004 7:40 am

Looks ok to me, i'll check the patch's file, load the default one to see if it works.

blith · Client Joined: Jul 18, 2003 Posts: 977

Okay, funny thing I hust did a test add and it worked. I did two seperate yesterday and they would not show up in the admin section of Waiting Content. Is it possible that there could be some variable in a download address that would not get throug due to the security measures? Thanks for looking into this chatserv.

chatserv · Posted: Tue May 11, 2004 8:09 am

I've seen weirder things sometimes a work or symbol in the title could trigger some of the protection.

blith · Client Joined: Jul 18, 2003 Posts: 977

Okay, when/if it happens again I will make note of the record and then check into it. I forgot to add that if I added the dl through the admin panel it went in okay. I checked my user_add_download variable and it is on yes(1) so.... not sure wha' happened.

blith · Client Joined: Jul 18, 2003 Posts: 977

Alright I have found out something interesting. I could not add a download from the download section if I copy and paste. Everything must be typed in... I did not check to see if it was individual fields yet but I will get back to everyone on that.

sixonetonoffun · Posted: Tue May 11, 2004 6:32 pm

What where you trying to cut n paste from word?

blith · Client Joined: Jul 18, 2003 Posts: 977

sixonetonoffun wrote:

What where you trying to cut n paste from word?

Outlook...which uses Word...

sixonetonoffun · Posted: Wed May 12, 2004 1:14 pm

That would do it try pasting it into notepad or something to get rid of the word formatting.

blith · Client Joined: Jul 18, 2003 Posts: 977

funny this problem only cropped up in 7.2. I have over 800 downloads and it just started with 7.2...

sixonetonoffun · Posted: Wed May 12, 2004 2:53 pm

Ouch I'd be looking at what changes are in the filters and what is in your urls Are the * chars in the urls or descriptions? I noticed I couldn't post slash* comments here after the latest UNION code was added. (At least thats what I think is causing it).

blith · Client Joined: Jul 18, 2003 Posts: 977

I found out what character was causing it. In the user add download section a single quote

Code:

'

cannot be used. Where can I take this out of the filter? And if I do what harm can come of it? Thanks!

Raven · Posted: Thu May 20, 2004 8:49 pm

I'm not too sure it's a filter issue. It could be the quote is quoted, if you will, and is now an uneven number of quote marks and PHP get's a migraine Shocked

. When I encounter this in the download titles (usually) I just work around it Laughing

. Not that I couldn't fix it, it's just not worth the effort to me. Bigger fish to fry Wink

blith · Client Joined: Jul 18, 2003 Posts: 977

I work around it also when I am adding downloads but the problem is if a user is adding his download it reads "Your download submission has been received." and then it never shows up. The person who entered it believes I am ignoring them or not getting to it. Suggestions?

Raven · Posted: Fri May 21, 2004 8:07 am

Write code to either addslashes() or strip all ' marks.

blith · Client Joined: Jul 18, 2003 Posts: 977

sheesh gotto go learn to fish.... Wink

blith · Client Joined: Jul 18, 2003 Posts: 977

What is the purpose of the stripslashes in the AddDownload section of index.php for the downloads module? I have been reading about this and I am trying to understand. Stripslashes seem to be used to remove the backslash from a data string so that anything entered in as O\'reily would come out as O'reily. But that is not what is needed here. Users do not enter the single quote with a "\" in front of it to be stripped out. So are the "\" being entered somewhere else and then being stripped here as a way to have them entered into the db? Thanks to anyone for their help. The crux of my problem is that when a User enters a download it is not being forwarded to me because they have used singe quotes somewhere, usually as an apostrophe... so I don't get them and then they wonder why I haven't posted their download.

chatserv · Posted: Tue May 25, 2004 1:47 pm

In the files i have the AddDownload function does not include stripslashes as it is not required, the Add function does because it sends data into the db.

blith · Client Joined: Jul 18, 2003 Posts: 977

Right I am sorry. I am still learning and after looking at that it is further down in the Add function. See I am trying to learn! Can you point me further in the answer to my problem? Thank you.

sixonetonoffun · Posted: Tue May 25, 2004 1:56 pm

You really don't want to let users post urls with single quotes as part of the url. Why? Because they are commonly used as part of an sql injection.

If your going to allow that you do it at your own risk and don't come crying when your site gets defaced or worse.

If your talking about a text field from the tests I've done there is no issue with the use of quotes as you described. I can make posts with all the quotes I want. Can you please be more specific regarding the use of quotes here?

blith · Client Joined: Jul 18, 2003 Posts: 977

sixonetonoffun wrote:

You really don't want to let users post urls with single quotes as part of the url. Why? Because they are commonly used as part of an sql injection.

I am aware of this and that's why I am trying to understand this.

Quote:

If your going to allow that you do it at your own risk and don't come crying when your site gets defaced or worse.

Whoa, where did that comment come from? I do not come "crying" for anything...

Quote:

If your talking about a text field from the tests I've done there is no issue with the use of quotes as you described. I can make posts with all the quotes I want. Can you please be more specific regarding the use of quotes here?

I have had several users attempt to add doownloads through the Add download link and I thought I had narrowed it down to if a single quote is used it will not pass the information onto me as the admin in waiting content. It will happen to me also if I go through the user section to add a download. I will receive the "Submission received" screen but it does not show up in the admin section as a waiting download.