First, since you're using SQL, your data is much safer compared to the Access version. And hackers definitely know the SQL tables very well just by installing WWF themselves. But, this is a very inelegant error to be presented.
I assume you do not get this error when you fill in the "new subject" text box. This appears to be a minor bug from at least 7.01 through 7.96. I don't know how it would manifest in the Access version, but I think it will produce an error at the same line number with some reference to a referential integrity.
Here's what I came up with: In "move_post.asp", you need to detect that no topic from the list was chosen and no new subject was entered. So, open "move_post.asp" and insert the
red code:
'If the user is user is using a banned IP redirect to an error page
If bannedIP() Then
'Clean up
Set rsCommon = Nothing
adoCon.Close
Set adoCon = Nothing
'Redirect
Response.Redirect("insufficient_permission.asp?M=IP")
End If
If (Request.Form("topicSelect") = "") and (Trim(Request.Form("subject")) = "") then
'Clean up
Set rsCommon = Nothing
adoCon.Close
Set adoCon = Nothing
%>
<html>
<head>
<meta name="copyright" content="Copyright (C) 2001-2005 Bruce Corkhill" />
<title>Discussion Forum Move Post</title>
<%
'***** START WARNING - REMOVAL OR MODIFICATION OF THIS CODE WILL VIOLATE THE LICENSE AGREEMENT ******
Response.Write("<!--//" & _
vbCrLf & "/* *******************************************************" & _
vbCrLf & "Application: Web Wiz Forums ver. " & strVersion & "" & _
vbCrLf & "Author: Bruce Corkhill" & _
vbCrLf & "Info: http://www.webwizforums.com" & _
vbCrLf & "Available FREE: http://www.webwizforums.com" & _
vbCrLf & "Copyright: Bruce Corkhill ©2001-2005. All rights reserved" & _
vbCrLf & "******************************************************* */" & _
vbCrLf & "//-->" & vbCrLf & vbCrLf)
'***** END WARNING - REMOVAL OR MODIFICATION OF THIS CODE WILL VIOLATE THE LICENSE AGREEMENT ******
%>
<!--#include file="includes/skin_file.asp" -->
</head>
<body bgcolor="<% = strBgColour %>" text="<% = strTextColour %>" background="<% = strBgImage %>" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" OnLoad="self.focus();">
<div align="center" class="heading">Invalid Topic</div>
<div align="center" class="text"><br />You must choose a topic from the list or enter a new topic.<br /><br />
Click here to <a href="move_post_form.asp?PID=<%=Request.Form("PID")%>">return to the initial Topic Move form.</a>
</div>
</body>
</html>
<%
Else
'Read in the post ID
lngPostID = CLng(Request.Form("PID"))
|
and at the end
%>
<html>
<head>
<script language="JavaScript">
window.opener.location.href = "forum_posts.asp?TID=<% = lngTopicID %>"
window.close();
</script>
</head>
</html>
<%
End If
%>
|
Insert only the red code. You should find the black code already in the file.
With that change, a moderator and adminstrator should no longer be presented with the unaccounted for error. However, only admins and moderators would ever see that error. Presumably, such users are people you trust, so you have little to fear from an error in that particular process. A more complete bug fix would include a javascript in "move_post_form_to.asp" that checks that either a topic is selected or a non-blank subject is entered. I'll leave that to - boRg - for now.
(hopefully the forum filters don't make these suggested changes unintelligible)
Topic Options
Post Options
Thanks(0)
