Duplicate Rebuild search index potential SQL injection?

[Thalagyrt]

Got this while rebuilding indexes after an import. It seems to have hit a post with a in it.

Invalid bind-variable name ''

1. 
   [*]Zend_Db_Statement->_parseParameters() in Zend/Db/Statement.php at line 114
   [*]Zend_Db_Statement->__construct() in Zend/Db/Adapter/Mysqli.php at line 381
   [*]Zend_Db_Adapter_Mysqli->prepare() in Zend/Db/Adapter/Abstract.php at line 478
   [*]Zend_Db_Adapter_Abstract->query() in XenForo/Search/SourceHandler/MySqlFt.php at line 117
   [*]XenForo_Search_SourceHandler_MySqlFt->_pushToIndex() in XenForo/Search/SourceHandler/MySqlFt.php at line 65
   [*]XenForo_Search_SourceHandler_MySqlFt->insertIntoIndex() in XenForo/Search/Indexer.php at line 44
   [*]XenForo_Search_Indexer->insertIntoIndex() in XenForo/Search/DataHandler/Post.php at line 47
   [*]XenForo_Search_DataHandler_Post->_insertIntoIndex() in XenForo/Search/DataHandler/Abstract.php at line 227
   [*]XenForo_Search_DataHandler_Abstract->insertIntoIndex() in XenForo/Search/DataHandler/Post.php at line 119
   [*]XenForo_Search_DataHandler_Post->quickIndex() in XenForo/Search/DataHandler/Post.php at line 89
   [*]XenForo_Search_DataHandler_Post->rebuildIndex() in XenForo/CacheRebuilder/SearchIndex.php at line 83
   [*]XenForo_CacheRebuilder_SearchIndex->rebuild() in XenForo/ControllerHelper/CacheRebuild.php at line 26
   [*]XenForo_ControllerHelper_CacheRebuild->rebuildCache() in XenForo/ControllerAdmin/Tools.php at line 63
   [*]XenForo_ControllerAdmin_Tools->actionCacheRebuild() in XenForo/FrontController.php at line 310
   [*]XenForo_FrontController->dispatch() in XenForo/FrontController.php at line 132
   [*]XenForo_FrontController->run() in /var/www/.../admin.php at line 13

 

[Thalagyrt]

Hmm... Upon a bit more digging it looks like it's a bug with the Zend Framework that was reported over a year ago. Weird that it hasn't been fixed.

 

[Thalagyrt]

Nevermind. Dupe of http://xenforo.com/community/thread...iable-name-when-rebuilding-search-index.9961/

 

[Mike]

I should also note that it's not an SQL injection, just an incorrect calculation of what it thinks are bound variables.

 

[Thalagyrt]

Yeah. At first glance it looked like it could potentially have been a vector for injection, but after looking a bit closer I realized that wasn't the case but couldn't change my thread topic (or couldn't figure out how?)