fix: super-strange id + 0 query that totally prevents the use of indexes

This commit is contained in:
Martin Ambrus
2017-10-24 09:55:18 +02:00
parent d12be30634
commit aab1010906
4 changed files with 6 additions and 6 deletions
+2 -2
View File
@@ -335,7 +335,7 @@ class Message {
// Vulnerability closed by Shadow
$q = "SELECT * FROM ".TB_PREFIX."mdata WHERE owner='".$session->uid."' AND time > ".time()." - 60";
$q = "SELECT * FROM ".TB_PREFIX."mdata WHERE owner='".$session->uid."' AND time > ".(time() - 60);
$res = mysqli_query($GLOBALS['link'],$q) or die(mysqli_error($database->dblink). " query ".$q);
$flood = mysqli_num_rows($res);
if($flood > 5)
@@ -425,7 +425,7 @@ class Message {
// Vulnerability closed by Shadow
if ($security_check) {
$q = "SELECT * FROM ".TB_PREFIX."mdata WHERE owner='".$session->uid."' AND time > ".time()." - 60";
$q = "SELECT * FROM ".TB_PREFIX."mdata WHERE owner='".$session->uid."' AND time > ".time() - 60;
$res = mysqli_query($GLOBALS['link'],$q) or die(mysqli_error($database->dblink). " query ".$q);
$flood = mysqli_num_rows($res);
if($flood > 5)