vbgallery 2.5.1 profile_start plugin mismatched

Fenriz · May 4th, 2010, 04:28 AM

I'm not sure if this is a bug or not, but..
if I make a clean install of vbgallery 2.5.1, I see one content of profile_start plugin and in the security notice
Security Notice: Update for vBGallery v2.5 I see another content of profile_start plugin.

What is the difference?
---
In the security notice, string 107:
'profile_column' => TYPE_INT,
and in a clean vbgallery 2.5.1 install:
'profile_column' => TYPE_NOHTML,
---
In the security notice, string 159:
$db->escape_string("
and in a clean vbgallery 2.5.1 install:
$db->query_write("

Is that a bug or not? Where strings are better?

Luciano · May 4th, 2010, 08:33 AM

profile_column should be TYPE_INT

and it should be $db->query_write("
NOT $db->escape_string("

It will not do harm, actually it will not do anything.. not even save the settings as it is supposed to...
this must have been a typo in the quickfix..

Rideharder · May 5th, 2010, 10:23 PM

this good or bad?

Luciano · May 5th, 2010, 10:47 PM

As i said.. it would do no harm, no error message either..
this has been fixed now..
only drawback, user could not save his settings for profile..

Rideharder · May 5th, 2010, 10:50 PM

When was it fixed?