ZenphotoCMS Forum
Rating hack bug - Printable Version

+- ZenphotoCMS Forum (https://forum.zenphoto.org)
+-- Forum: Support (https://forum.zenphoto.org/forum-1.html)
+--- Forum: General support (https://forum.zenphoto.org/forum-4.html)
+--- Thread: Rating hack bug (/thread-1185.html)



Rating hack bug - SubJunk - 2007-02-21

Hi there,
The image rating has been working great for months, but now some pages, like this one http://www.dualmonitorbackgrounds.com/abstract/Petroleum.jpg.html are screwing up. It shows:

Rating:
751,456.9/5 (127 votes)

Not sure what's causing that. Any ideas?




Rating hack bug - trisweb - 2007-02-21

Could it be someone hacked it to insert a value greater than 5? You may want to check for that if it's possible...




Rating hack bug - trisweb - 2007-02-21

No hack needed, I found it. This averages the current score with 500,000

`http://www.dualmonitorbackgrounds.com/themes/dmb/db.php?j=499999&q=39&t=68.122.159.210&c=500000`

I'm sorry, I tested it on this image to find the exploit -- http://www.dualmonitorbackgrounds.com/abstract/MyBalls.jpg.html . It originally had a rating of 1.1 with 17 votes, you probably want to change the db back.

There's no limit to how high that number can go, because the maximum vote is controlled by the query attribute 'c'. That's bad, and allows anyone to modify the query URL to make whatever vote they want, even one that's more sly and less obvious... (like on this one, for example: http://www.dualmonitorbackgrounds.com/abstract/Tentacles.jpg.html I changed its rating from 3.3 w/ 7 votes to 5.0 w/ 8 votes with some quick math).

In db.php, change `$units = $_REQUEST['c'];` to `$units = 5;` to make the votes max out at 5 and reject all others, regardless of the query value.
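The flaw trisweb describes and the one-line fix, as an added example (this is not the forum's db.php, whose code is not shown here): a rating update whose vote ceiling comes from the request, beside the version that hard-codes the ceiling to 5 and rejects anything outside it. The function names, the `vote` query parameter name and the running-average formula are assumptions.

```python
from urllib.parse import parse_qs

MAX_RATING = 5  # the only ceiling the server should ever accept


def vulnerable_update(avg, count, vote, units):
    """Pre-fix behaviour (assumed shape): 'units' is whatever the client sent
    as the 'c' query parameter, so the range check passes for any vote as
    long as the attacker also raises 'c'."""
    if vote < 0 or vote > units:
        raise ValueError("vote out of range")
    total = avg * count + vote
    return round(total / (count + 1), 1), count + 1


def fixed_update(avg, count, vote):
    """Post-fix behaviour: the ceiling is a server-side constant, so a vote
    above 5 is rejected instead of being averaged in."""
    if vote < 0 or vote > MAX_RATING:
        raise ValueError("vote out of range")
    total = avg * count + vote
    return round(total / (count + 1), 1), count + 1


def handle_fixed(query, avg, count):
    """Request handler for the fixed script. A 'c' parameter may still be
    present in the query string but is never read. Returns the new
    (average, count) or None when the request is rejected."""
    params = parse_qs(query)
    try:
        vote = float(params.get("vote", [""])[0])
    except ValueError:
        return None  # missing or non-numeric vote
    try:
        return fixed_update(avg, count, vote)
    except ValueError:
        return None  # vote outside 0..5


if __name__ == "__main__":
    # Constructed numbers from the thread: 3.3 with 7 votes becomes 5.0 with
    # 8 votes when a single vote of 16.9 is accepted.
    print(vulnerable_update(3.3, 7, 16.9, 500000))      # (5.0, 8)
    print(handle_fixed("vote=16.9&c=500000", 3.3, 7))   # None (rejected)
    print(handle_fixed("vote=5&c=500000", 3.3, 7))      # (3.5, 8)
```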




Rating hack bug - SubJunk - 2007-02-21

Awesome, thanks. I'll change it tomorrow. I appreciate it a lot. Might want to edit the code on the Trac too (if you haven't already).




Rating hack bug - SubJunk - 2007-02-22

Worked like a charm, thanks again!




Rating hack bug - emc - 2009-01-04

http://www.zenphoto.org/zenphoto/zp-core/plugins/rating.php?clear_rating=1

unacceptable
php code amateur

bye




Rating hack bug - emc - 2009-01-04

sorry
is only a small bug




Rating hack bug - acrylian - 2009-01-05

Thanks, we will look at that.