GMod Bug Reporter

Simple derma menu addon for reporting bugs or making suggestions that comes with the PHP webpage to connect and display information that has been sent from your server to the database.


Chat commands: !bugreport, !bug, /bugreport, /bug
Console: bug_reporter

To Do:
Admin panel that allows marking bugs as complete, or delete them (Login with Steam API probably)
Figure out how to remove duplicate rows using MySQL automatically

This is in pretty bad shape for a public release, imo.

Your UI of your PHP page is extremely basic, and you could at least put some Bootstrap-esque CSS on it to pretty the table up.

The backend of the PHP isn't using mysqli, which is going to throw deprecation errors, or cease to function, with users on up-to-date PHP installs.

Not as major, but it is bad practice to use * in a SELECT statement rather than named columns.

You also use a VARCHAR(100) for the report column, but there is no limit on the input in Lua. Bug reports over 100 characters will be truncated and no one will know why.

All of these fixes would take you about an hour in total to fix/add, and it would vastly improve the impression your addon gives, given how simple it is in nature.

Thank you for your input. I will take it into consideration.

Unfortunately when you lower the barrier of entry to reporting bugs enough, your system just gets filled with spam from dumb cunts.

Exhibit A:

Exhibit B:

Looks nifty though.

I was literally working on something like this for the past 2 days. Thanks for ninja’ing me.

oh my lord.

do NOT put this on your server.

somebody will fuck your database up, no prevention of sql injection.

Hi I’d like to report a bug:

;DROP TABLE bug_report --

Heyo, I fixed your web version. I haven't tested it because I don't have a GMod server to send the bug reports to and I'm too lazy to make a new table, so I just manipulated your SQL process into a better one, and added a somewhat better style. If you're interested, give it a test, and if any errors pop up those can be fixed easily.

I can't do anything about the Lua side though, because I have no idea what goes on there.
Good luck.


Also another note: <center> was said to be deprecated in HTML 4 something so I’d recommend not using it since it most likely won’t work on every browser.

Wow, thank you. I did test your PHP and it did not work, but the CSS looks great.

I committed some of the things you suggested to the main branch.

[editline]23rd December 2016[/editline]

Being as user input is handled as a string, if a user were to input this it would just display in the table. I showed that it would not work in the table.

Uh, that’s not how it works. If I input

this is a bug report', '1234');DROP TABLE bug_report;-- 

since you’re not escaping the string, that’s going to run, and at that point you can kiss your server goodbye.

[editline]23rd December 2016[/editline]

Also, rather than requiring people to load an SQL file, why don't you just run


on startup?

Ohh ok. So how could I escape the string?

Also, I never really considered doing that. I’m not sure why.


[editline]23rd December 2016[/editline]

Your site is also vulnerable to xss

I'll fix the XSS issue ASAP. Would I replace the DB:Query with DB:Escape?

DB:Query("SELECT * FROM table WHERE name = '" .. DB:Escape(ply:Nick()) .. "';")

Thank you very much for showing me, and helping me fix some very important security flaws. They should be fixed on the github now.

Edit: Could someone try XSS again just so I can confirm that it is fixed?


[editline]23rd December 2016[/editline]

Might want to make sure you restart your server as well, looks like you can still do it on there.

I'll test it out when I get time. I set up a testing DB when I was working last night, so I can use that.
You should seriously consider PDO over MySQLi though, it's so much easier and effective.

How would you recommend I do this portion? I was thinking to use a think hook, but that would waste a lot of resources to have that continuously loop and I didn’t find anything on the wiki about running on server start up.


I didn’t think about that hook. I was searching for something with start in the name. My b.

Edit: I have it fixed and uploaded to github.
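
The two fixes discussed in the thread, as an added example in PHP with PDO (not part of the thread and not the addon's code): the report text is passed as a bound parameter so the quoted string from the thread is stored as plain data, and every value is HTML-escaped on output. The `steamid` column, the function names and the in-memory SQLite database standing in for MySQL (needs the `pdo_sqlite` and `mbstring` extensions) are assumptions.

```php
<?php
// Added example, not the addon's code. Assumed: the `steamid` column and an
// in-memory SQLite database standing in for the addon's MySQL server.
const REPORT_MAX = 100; // matches the VARCHAR(100) report column from the thread

function open_db(): PDO {
    // With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES => false
    // so that prepared statements are prepared by the server itself.
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $pdo->exec('CREATE TABLE bug_report (id INTEGER PRIMARY KEY,
                report VARCHAR(100), steamid VARCHAR(32))');
    return $pdo;
}

// Store one report. The text travels as a bound parameter, so quotes and
// semicolons inside it are stored as data and never parsed as SQL.
function save_report(PDO $pdo, string $report, string $steamid): bool {
    $report = trim($report);
    if ($report === '' || mb_strlen($report) > REPORT_MAX) {
        return false; // reject instead of letting the column truncate silently
    }
    $stmt = $pdo->prepare('INSERT INTO bug_report (report, steamid) VALUES (?, ?)');
    return $stmt->execute([$report, $steamid]);
}

// Escape a value for use inside HTML element content or attributes.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the table from named columns, escaping every value on output.
function render_reports(PDO $pdo): string {
    $html = "<table>\n<tr><th>Report</th><th>SteamID</th></tr>\n";
    foreach ($pdo->query('SELECT report, steamid FROM bug_report ORDER BY id') as $row) {
        $html .= '<tr><td>' . h($row['report']) . '</td><td>' . h($row['steamid']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed sample input: the string quoted in the thread, a report
// containing markup, and a report of 101 characters (over REPORT_MAX).
$pdo = open_db();
save_report($pdo, "this is a bug report', '1234');DROP TABLE bug_report;--", 'STEAM_0:0:1');
save_report($pdo, '<b>markup</b> & "quotes"', 'STEAM_0:0:2');
var_dump(save_report($pdo, str_repeat('a', 101), 'STEAM_0:0:3'));
echo render_reports($pdo);
```

The same length limit should also be enforced in the Lua menu so players see why a long report is refused.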