### Welcome to our community

#### Joppy

##### Well-known member
MHB Math Helper
This isn't an issue, since I can always reconnect afterward, but I'm just curious:

When I submit a post, I get redirected to a page telling me that there is no connection to the host: mathhelpboards.com. Why does this happen?

#### MarkFL

Staff member
Does the error page look like this?

#### Joppy

##### Well-known member
MHB Math Helper
Does the error page look like this?
Yes that's the one. I just noticed it also happens when clicking various links around the forum, but only sometimes. It's quite consistent when I submit a post however.

#### MarkFL

Staff member
Yes that's the one. I just noticed it also happens when clicking various links around the forum, but only sometimes. It's quite consistent when I submit a post however.
I get that on the site occasionally (but not consistently), but never when I post (so far), but I do consistently get that when trying to use the Style Manager in the AdminCP, but none of the other admins do. It's something we're aware of, and trying to find the cause. I appreciate you reporting this issue, because until now, I thought it was something particular to me.

#### Joppy

##### Well-known member
MHB Math Helper
I get that on the site occasionally (but not consistently), but never when I post (so far), but I do consistently get that when trying to use the Style Manager in the AdminCP, but none of the other admins do. It's something we're aware of, and trying to find the cause. I appreciate you reporting this issue, because until now, I thought it was something particular to me.
No problem . Luckily clicking refresh always sends me straight back to the forum. I'd like to understand what's going on, let me know if you find the culprit!

#### Jameson

Staff member
Hi Joppy,

Thank you for pointing this out. It's always good to learn about bugs and try to fix them. This issue is probably connected to a recent switch we made from http to https.

Can you try visiting MHB through the secure link and doing a test post in this thread and see if the problem remains?

#### Greg

##### Perseverance
Staff member
I had this error (for about 15 minutes) before https was implemented.

#### Joppy

##### Well-known member
MHB Math Helper
Test post.

edit: No issues.

edit2:

Hi Joppy,
Thank you for pointing this out. It's always good to learn about bugs and try to fix them. This issue is probably connected to a recent switch we made from http to https.
Can you try visiting MHB through the secure link and doing a test post in this thread and see if the problem remains?
Was the link meant to be the HTTP version? (both the link and current version are https?)

Last edited:

#### Jameson

Staff member
Test post.

edit: No issues.

edit2:

Was the link meant to be the HTTP version? (both the link and current version are https?)
No the link was meant to be HTTPS. I was thinking that you might have the HTTP site bookmarked and could be posting through that somehow but honestly I'm not sure how the switch works with Cloudflare. Sometimes changes aren't reflected instantaneously with their caching. Anyway you wrote that it's working now so that's good news!

#### MountEvariste

##### Well-known member
Is anyone else getting a "database error" today? It's mainly when trying to view this thread.

#### Klaas van Aarsen

##### MHB Seeker
Staff member
Is anyone else getting a "database error" today? It's mainly when trying to view this thread.
That thread is now consistently giving a database error.
Code:
Database error in vBulletin 4.2.5:

Invalid SQL:

SELECT user.*
FROM user AS user

MySQL Error   : You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's')
ORDER BY FIELD(username,'Theia's')' at line 3
Error Number  : 1064
Request Date  : Friday, April 20th 2018 @ 08:43:09 PM
Error Date    : Friday, April 20th 2018 @ 08:43:10 PM
Script        : http://mathhelpboards.com/calculus-10/tough-integral-24096.html
Referrer      : https://mathhelpboards.com/activity/
There appears to be a problem with a single quote in the username "Theia's", which is not the actual username.
June29 , did you perchance put UNM tags around "Theia's" or something like that?

#### MountEvariste

##### Well-known member
This thread is now consistently giving a database error.
Code:
Database error in vBulletin 4.2.5:

Invalid SQL:

SELECT user.*
FROM user AS user

MySQL Error   : You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's')
ORDER BY FIELD(username,'Theia's')' at line 3
Error Number  : 1064
Request Date  : Friday, April 20th 2018 @ 08:43:09 PM
Error Date    : Friday, April 20th 2018 @ 08:43:10 PM
Script        : http://mathhelpboards.com/calculus-10/tough-integral-24096.html
Referrer      : https://mathhelpboards.com/activity/
There appears to be a problem with a single quote in the username "Theia's", which is not the actual username.
June29 , did you put perchance UNM tags around "Theia's" or something like that?
Yes, I did. Oh my goodness, I caused this!?

It gave me the database error while trying to preview it, and I thought I'd submit it then edit it.

#### Klaas van Aarsen

##### MHB Seeker
Staff member
Yes, I did. Oh my goodness, I caused this!?
I'd say that you revealed a problem that we were not aware of yet.
Thanks!

#### MountEvariste

##### Well-known member
I'd say that you revealed a problem that we were not aware of yet.
Thanks!

...
For a minute I thought I destroyed the entire site by mistake.

Thanks. Hopefully the error doesn't affect the other threads!

Last edited:

#### MarkFL

Staff member
I have added code to that external script so a single quote in a username won't throw an error, and I edited the post so that only the username is within the [UNM][/UNM] tags.

#### Jameson

Staff member
Thank you very much for pointing this out! This is a huge security vulnerability related to the username markup add-on. I found a way to fix that thread for now but we will need to patch this ASAP.

EDIT: Looks like Mark already handled it.

#### MountEvariste

##### Well-known member
Many thanks, guys - and apologies for any inconvenience caused.

It's impressive how quickly things get noticed/fixed around here!

#### MarkFL

Staff member
Many thanks, guys - and apologies for any inconvenience caused.

It's impressive how quickly things get noticed/fixed around here!
There was no inconvenience, except to you trying to post and to those trying to read the thread. It was bad coding on my part, done before I knew the importance of sanitizing user input before being used in a database query. I was glad to be made aware of the issue so I could update my product to deal with the issue, so thank you for that.

#### Opalg

##### MHB Oldtimer
Staff member
I have added code to that external script so a single quote in a username won't throw an error
Reminds me of a recent xkcd cartoon.

#### Klaas van Aarsen

##### MHB Seeker
Staff member
Let me throw in another XKCD:

I do hope that no one drops our [M]people[/M] table!

#### Joppy

##### Well-known member
MHB Math Helper
Sorry to dig up this thread again, but thought I'd mention that the issue in the OP is back. I think it was also mentioned in another thread recently... This time it seems to happen only when submitting a new post. .