[development] Possible security issue in Drupal with previous/next thread in forum

philip at philipnet.com philip at philipnet.com
Wed Aug 26 16:07:42 UTC 2009

Quoting Jean-Michel Pouré <jm at poure.com>:

> Dear all,
> I hope that this is the right place to post.
> My issue http://drupal.org/node/559424
> was closed with a "Wron't fix" answer.
> On my server, a query returns 21000 rows in 7412 ms.
> Just to be able to display previous and next forum thread.
> The number of rows seems too large.
> I double-checked on my testing server with 650.000 posts and the devel
> module + pgadmin3.

Firstly, if it is a security issue this is not the right place to  
report it. You should be using the existing method:  

Can you be more exact than "The number of rows seems too large"?
Either it's right or wrong. If it's wrong, what is the right number?
And if it's wrong, is the SQL statment wrong, the processing that  
comes next or somewhere else?

Phil L.

This message was sent using IMP, the Internet Messaging Program.

More information about the development mailing list