Duplicate  Rebuild search index potential SQL injection?


Got this while rebuilding indexes after an import. It seems to have hit a post with a :p in it.

Invalid bind-variable name ':p'

  1. Zend_Db_Statement->_parseParameters() in Zend/Db/Statement.php at line 114
  2. Zend_Db_Statement->__construct() in Zend/Db/Adapter/Mysqli.php at line 381
  3. Zend_Db_Adapter_Mysqli->prepare() in Zend/Db/Adapter/Abstract.php at line 478
  4. Zend_Db_Adapter_Abstract->query() in XenForo/Search/SourceHandler/MySqlFt.php at line 117
  5. XenForo_Search_SourceHandler_MySqlFt->_pushToIndex() in XenForo/Search/SourceHandler/MySqlFt.php at line 65
  6. XenForo_Search_SourceHandler_MySqlFt->insertIntoIndex() in XenForo/Search/Indexer.php at line 44
  7. XenForo_Search_Indexer->insertIntoIndex() in XenForo/Search/DataHandler/Post.php at line 47
  8. XenForo_Search_DataHandler_Post->_insertIntoIndex() in XenForo/Search/DataHandler/Abstract.php at line 227
  9. XenForo_Search_DataHandler_Abstract->insertIntoIndex() in XenForo/Search/DataHandler/Post.php at line 119
  10. XenForo_Search_DataHandler_Post->quickIndex() in XenForo/Search/DataHandler/Post.php at line 89
  11. XenForo_Search_DataHandler_Post->rebuildIndex() in XenForo/CacheRebuilder/SearchIndex.php at line 83
  12. XenForo_CacheRebuilder_SearchIndex->rebuild() in XenForo/ControllerHelper/CacheRebuild.php at line 26
  13. XenForo_ControllerHelper_CacheRebuild->rebuildCache() in XenForo/ControllerAdmin/Tools.php at line 63
  14. XenForo_ControllerAdmin_Tools->actionCacheRebuild() in XenForo/FrontController.php at line 310
  15. XenForo_FrontController->dispatch() in XenForo/FrontController.php at line 132
  16. XenForo_FrontController->run() in /var/www/.../admin.php at line 13


Hmm... Upon a bit more digging it looks like it's a bug with the Zend Framework that was reported over a year ago. Weird that it hasn't been fixed.


XenForo developer
Staff member
I should also note that it's not an SQL injection, just an incorrect calculation of what it thinks are bound variables.


Yeah. At first glance it looked like it could potentially have been a vector for injection, but after looking a bit closer I realized that wasn't the case but couldn't change my thread topic (or couldn't figure out how?)
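
The miscounted bind variable discussed in this thread, as an added example that is not part of the original posts and is not Zend Framework or XenForo code: a simplified model of a placeholder scanner that ignores quoting next to one that skips quoted literals. It assumes the post text reaches the statement parser inside a single-quoted literal; the table name, sample text and function names are constructed for illustration.

```php
<?php
// Added illustration, not Zend Framework or XenForo code.
// Simplified model of scanning SQL text for named placeholders (:name).

// Naive scan: every ":word" counts as a bind variable, even inside a literal.
function findPlaceholdersNaive(string $sql): array
{
    preg_match_all('/:[A-Za-z_][A-Za-z0-9_]*/', $sql, $m);
    return $m[0];
}

// Quote-aware scan: empty out single-quoted literals first, honouring
// backslash-escaped (\') and doubled ('') quotes, then scan what is left.
function findPlaceholdersQuoteAware(string $sql): array
{
    $stripped = preg_replace("/'(?:[^'\\\\]|\\\\.|'')*'/s", "''", $sql);
    return findPlaceholdersNaive($stripped);
}

// Placeholders the caller supplied no value for; a driver would reject these.
function unboundPlaceholders(array $found, array $bound): array
{
    $names = array_map(fn($k) => ':' . $k, array_keys($bound));
    return array_values(array_diff($found, $names));
}

// Constructed sample: post text containing a ":p" smiley and an escaped
// apostrophe, embedded as a quoted literal. Table name is hypothetical.
$sql = "INSERT INTO search_index_example (message, user_id) "
     . "VALUES ('nice one :p it\\'s done', :user_id)";
$bound = ['user_id' => 42];

var_export(unboundPlaceholders(findPlaceholdersNaive($sql), $bound));
echo "\n";
var_export(unboundPlaceholders(findPlaceholdersQuoteAware($sql), $bound));
echo "\n";
```

In this model the misread only causes the statement to be rejected before it is sent; the text inside the literal is never interpreted as SQL.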