Line #399 in register.asp, after applying the 3.4.07 security fix shows as:
strsql = "SELECT SPAM_SERVER FROM " & strTablePrefix & "SPAM_MAIL WHERE SPAM_SERVER = '" & strMailDomain & "'"
set rsSpam = my_Conn.Execute (strsql)
This is a bug, as the SPAM_MAIL table is created with the strFilterTablePrefix, and it can cause an error if the value for the two prefixes are different.
The fix is simple:
strsql = "SELECT SPAM_SERVER FROM " & strFilterTablePrefix & "SPAM_MAIL WHERE SPAM_SERVER = '" & strMailDomain & "'"
set rsSpam = my_Conn.Execute (strsql)
This will ensure proper access to the table, even when the prefixes values are different.
Posted - 30 July 2009 : 18:08:18
