[development] Possible security issue in Drupal with previous/next thread in forum
philip at philipnet.com
philip at philipnet.com
Wed Aug 26 16:07:42 UTC 2009
Quoting Jean-Michel Pouré <jm at poure.com>:
> Dear all,
>
> I hope that this is the right place to post.
>
> My issue http://drupal.org/node/559424
> was closed with a "Wron't fix" answer.
>
> On my server, a query returns 21000 rows in 7412 ms.
> Just to be able to display previous and next forum thread.
> The number of rows seems too large.
>
> I double-checked on my testing server with 650.000 posts and the devel
> module + pgadmin3.
Firstly, if it is a security issue this is not the right place to
report it. You should be using the existing method:
http://drupal.org/security-team#report-issue
Can you be more exact than "The number of rows seems too large"?
Either it's right or wrong. If it's wrong, what is the right number?
And if it's wrong, is the SQL statment wrong, the processing that
comes next or somewhere else?
Phil L.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the development
mailing list