Member
SubJunk   21-02-2007, 01:30
#1

Hi there,
The image rating has been working great for months, but now some pages, like this one http://www.dualmonitorbackgrounds.com/abstract/Petroleum.jpg.html are screwing up. It shows:

Rating:
751,456.9/5 (127 votes)

Not sure what's causing that. Any ideas?

Developer
trisweb   21-02-2007, 08:40
#2

Could it be someone hacked it to insert a value greater than 5? You may want to check for that if it's possible...

Developer
trisweb   21-02-2007, 09:22
#3

No hack needed, I found it. This averages the current score with 500,000:

`http://www.dualmonitorbackgrounds.com/themes/dmb/db.php?j=499999&q=39&t=68.122.159.210&c=500000`

I'm sorry, I tested it on this image to find the exploit: http://www.dualmonitorbackgrounds.com/abstract/MyBalls.jpg.html. It originally had a rating of 1.1 with 17 votes; you probably want to change the db back.

There's no limit to how high that number can go, because the maximum vote is controlled by the query attribute `c`. That's bad, and allows anyone to modify the query URL to make whatever vote they want, even one that's more sly and less obvious (like on this one, for example: http://www.dualmonitorbackgrounds.com/abstract/Tentacles.jpg.html, where I changed its rating from 3.3 w/ 7 votes to 5.0 w/ 8 votes with some quick math).

In db.php, change `$units = $_REQUEST['c'];` to `$units = 5;` to make the votes max out at 5 and reject all others, regardless of the query value.
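
The following is an added example, not the site's db.php and not trisweb's code. It models the bug and the fix described in this post: a rating stored as a running total plus a vote count (an assumption; the thread only says the script "averages"), the vote taken from the `j` parameter and, in the vulnerable form, the maximum taken from the `c` parameter exactly as `$units = $_REQUEST['c']` would. `craft_vote` is the "quick math" above: given the current tally, it computes the one vote value that pushes the average to any target. The hardened form ignores `c`, uses a server-side constant of 5, and accepts only whole-number votes from 1 to 5.

```python
from dataclasses import dataclass
from typing import Mapping, Optional

# Server-side maximum: the hard-coded $units = 5 from the fix in post #3.
MAX_UNITS = 5


@dataclass(frozen=True)
class Rating:
    """Running tally as a simple rating table might store it (assumed model)."""
    total: float  # sum of all vote values received
    count: int    # number of votes received

    @property
    def average(self) -> float:
        return round(self.total / self.count, 1) if self.count else 0.0


def _parse_number(value: Optional[str]) -> Optional[float]:
    """Parse a query-string value as a number; None if missing or non-numeric."""
    try:
        return float(value) if value is not None else None
    except ValueError:
        return None


def vulnerable_vote(rating: Rating, params: Mapping[str, str]) -> Optional[Rating]:
    """Vulnerable form: the maximum is read from the request ('c'), like
    $units = $_REQUEST['c'], so the client chooses both the vote ('j') and
    the bound it is checked against. Returns None when the vote is rejected."""
    units = _parse_number(params.get("c"))
    vote = _parse_number(params.get("j"))
    if units is None or vote is None or not (0 < vote <= units):
        return None
    return Rating(rating.total + vote, rating.count + 1)


def hardened_vote(rating: Rating, params: Mapping[str, str]) -> Optional[Rating]:
    """Hardened form: the maximum is a server constant ($units = 5), 'c' is
    ignored entirely, and the vote must be a whole number from 1 to MAX_UNITS.
    The range check runs before int() so 'inf' and 'nan' are rejected safely."""
    vote = _parse_number(params.get("j"))
    if vote is None or not (1 <= vote <= MAX_UNITS) or vote != int(vote):
        return None
    return Rating(rating.total + int(vote), rating.count + 1)


def craft_vote(rating: Rating, target_average: float) -> float:
    """The 'quick math' from the post: the single vote value that moves the
    average to target_average once it is added to the existing tally."""
    return target_average * (rating.count + 1) - rating.total


if __name__ == "__main__":
    # Constructed inputs matching the figures quoted in the thread.
    tentacles = Rating(total=3.3 * 7, count=7)          # 3.3 with 7 votes
    crafted = craft_vote(tentacles, 5.0)                # 16.9
    attack = {"j": str(crafted), "c": "500000"}
    print("vulnerable:", vulnerable_vote(tentacles, attack))   # 5.0 with 8 votes
    print("hardened:  ", hardened_vote(tentacles, attack))     # None (rejected)
```

Note that pinning the maximum on the server is the whole of the fix discussed here; it stops the 751,456.9 and 5.0-with-one-vote cases but, as a general point, does nothing about the same client submitting a legitimate 5 repeatedly, which is a separate control.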

Member
SubJunk   21-02-2007, 13:47
#4

Awesome, thanks. I'll change it tomorrow. I appreciate it a lot. Might want to edit the code on the Trac too (if you haven't already).

Member
SubJunk   22-02-2007, 01:40
#5

Worked like a charm, thanks again!

Member
emc   04-01-2009, 22:07
#6

http://www.zenphoto.org/zenphoto/zp-core/plugins/rating.php?clear_rating=1

unacceptable
php code amateur

bye

Member
emc   04-01-2009, 23:26
#7

Sorry, it's only a small bug.

Administrator
acrylian   05-01-2009, 12:07
#8

Thanks, we will look at that.
