In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Viewing Issue Advanced Details [ Jump to Notes ] [ Wiki ]

[ View Simple ] [ Issue History ] [ Print ]

Category

Type

Reproducibility

Date Submitted

Last Update

0000412

[In-Portal CMS] Admin Interfaces

bug report

always

2009-10-28 01:44

2010-01-11 22:05

Reporter

Dmitry

View Status

public

Project Name

In-Portal CMS

Assigned To

alex

Developer

Priority

normal

Resolution

fixed

Platform

Status

closed

OS Version

ETA

none

Fixed in Version

5.0.2-B1

Product Version

5.0.2-B1

Target Version

5.0.2

Product Build

Time Estimate

No estimate

Summary

0000412: SQL Fatal when using Double-quotes in Text Filters in Grids

Description

SQL Fatal when using Double-quotes in Text Filters in Grids.

Example - filter"

1. Applies to all text filters including main search one

2. single-quote (') works fine.

Steps To Reproduce

SQL Fatal

    SELECT Category.* ,(REPLACE(ParentPath, CONCAT('|', Category.CategoryId, '|'), '')) AS `CurrentSort`,(img.SameImages) AS `SameImages`,(img.LocalThumb) AS `LocalThumb`,(img.ThumbPath) AS `ThumbPath`,(img.ThumbUrl) AS `ThumbUrl`,(img.LocalImage) AS `LocalImage`,(img.LocalPath) AS `LocalPath`,(img.Url) AS `FullUrl`,(IF(ThemeId != 0, 1, 0)) AS `CreatedBySystem`,(cust.l1_cust_7) AS `cust_l_ItemTemplate`,(cust.l1_cust_8) AS `cust_RssExpireInterval`,(cust.l1_cust_9) AS `cust_RssUpdateInterval`,(cust.l1_cust_10) AS `cust_RssLastUpdated`,(cust.l1_cust_11) AS `cust_RssDeleteExpired`,(cust.l1_cust_13) AS `cust_RssUpdateIntervalType`,(cust.l1_cust_14) AS `cust_RssSource`,(cust.l1_cust_15) AS `cust_RssExpireIntervalType`,(cust.l1_cust_16) AS `cust_RssDefaultExpiration`,(cust.l1_cust_17) AS `cust_RssDefaultExpirationType`,(cust.l1_cust_18) AS `cust_RssLastExpired`,(cust.l1_cust_20) AS `cust_n_ItemTemplate`,(cust.l1_cust_21) AS `cust_bb_ItemTemplate`,(cust.l1_cust_24) AS `cust_p_ItemTemplate`,(Category.CreatedOn) AS `CreatedOn_date`,(Category.CreatedOn) AS `CreatedOn_time`,(Category.Modified) AS `Modified_date`,(Category.Modified) AS `Modified_time`,( IF(Category.NewItem = 2, IF(Category.CreatedOn >= (UNIX_TIMESTAMP() - 8*3600*24), 1, 0), Category.NewItem )) AS `IsNew`
    FROM Category
    LEFT JOIN Images img ON img.ResourceId = Category.ResourceId AND img.DefaultImg = 1
    LEFT JOIN PermCache ON PermCache.CategoryId = Category.CategoryId
    LEFT JOIN CategoryCustomData cust ON Category.ResourceId = cust.ResourceId
    WHERE ((Category.Status <> 4) AND (Category.ThemeId = 4 OR Category.ThemeId = 0) AND (ParentId = 1) AND (PermId = 1)) AND (((`Category`.`l1_Name` LIKE "%tret\\"%")))
    ORDER BY `Category`.`Priority` desc,`Category`.`l1_Name` asc
    LIMIT 0,21

Additional Information

Tags

No tags attached.

Reference

http://groups.google.com/group/in-portal-bugs/browse_frm/thread/81868552e0093097

Change Log Message

Estimate Points

Attached Files

quote_not_escaped_in_search.patch [^] (1,899 bytes) 2009-11-10 05:15 [Show Content]

Index: search_helper.php
===================================================================
--- search_helper.php	(revision 12883)
+++ search_helper.php	(working copy)
@@ -71,37 +71,36 @@
 
 				switch ($sign) {
 					case '+':
-						$plus_conditions[] = implode(' LIKE "%'.$keyword.'%" OR ', $fields).' LIKE "%'.$keyword.'%"';
+						$plus_conditions[] = implode(" LIKE '%" . $keyword . "%' OR ", $fields) . " LIKE '%" . $keyword . "%'";
 						break;
 
 					case '-':
 						foreach ($fields as $field) {
-							$condition[] = $field.' NOT LIKE "%'.$keyword.'%" OR '.$field.' IS NULL';
+							$condition[] = $field . " NOT LIKE '%" . $keyword . "%' OR " . $field . ' IS NULL';
 						}
-						$minus_conditions[] = '('.implode(') AND (', $condition).')';
+						$minus_conditions[] = '(' . implode(') AND (', $condition) . ')';
 						break;
 
 					case '':
-						$keyword = str_replace('"', '\"', $keyword);
-						$normal_conditions[] = implode(' LIKE "%'.$keyword.'%" OR ', $fields).' LIKE "%'.$keyword.'%"';
+						$normal_conditions[] = implode(" LIKE '%" . $keyword . "%' OR ", $fields) . " LIKE '%" . $keyword . "%'";
 						break;
 				}
 			}
 
 			// building where clause
 			if ($normal_conditions) {
-				$where_clause = '('.implode(') OR (', $normal_conditions).')';
+				$where_clause = '(' . implode(') OR (', $normal_conditions) . ')';
 			}
 			else {
 				$where_clause = '1';
 			}
 
 			if ($plus_conditions) {
-				$where_clause = '('.$where_clause.') AND ('.implode(') AND (', $plus_conditions).')';
+				$where_clause = '(' . $where_clause . ') AND (' . implode(') AND (', $plus_conditions) . ')';
 			}
 
 			if ($minus_conditions) {
-				$where_clause = '('.$where_clause.') AND ('.implode(') AND (', $minus_conditions).')';
+				$where_clause = '(' . $where_clause . ') AND (' . implode(') AND (', $minus_conditions) . ')';
 			}
 
 			return $where_clause;

Relationships [ Relation Graph ] [ Dependency Graph ]

related to

0000097

closed (5.0.2)

alex

Issues with "Like" type Grid Filters in Admin

Notes
(0001068) alex (manager) 2009-11-10 05:16	Done.

(0001069) alex (manager) 2009-11-10 05:16	Fix committed to 5.0.x branch. Commit Message: Fixes 0000412: SQL Fatal when using Double-quotes in Text Filters in Grids

(0001070) alex (manager) 2009-11-10 05:16	Reminder sent to: Dmitry Test. Already commited.

(0001333) Dmitry (manager) 2010-01-11 22:05	Closing completed tasks.

Related Changesets
In-Portal CMS: 5.0.x r12892 Timestamp: 2009-11-10 05:16:33 Author: alex [ Details ] [ Diff ]	Fixes 0000412: SQL Fatal when using Double-quotes in Text Filters in Grids
	mod - /in-portal/branches/5.0.x/core/units/helpers/search_helper.php	[ Diff ] [ File ]

Issue History
Date Modified	Username	Field	Change
2010-01-11 22:05	Dmitry	Note Added: 0001333
2010-01-11 22:05	Dmitry	Status	resolved => closed
2009-11-10 05:16	alex	Note Added: 0001070
2009-11-10 05:16	alex	Note Added: 0001069
2009-11-10 05:16	alex	Status	needs testing => resolved
2009-11-10 05:16	alex	Fixed in Version	=> 5.0.2-B1
2009-11-10 05:16	alex	Resolution	open => fixed
2009-11-10 05:16	alex	Assigned To	!COMMUNITY => alex
2009-11-10 05:16	alex	Changeset attached	5.0.x r12892
2009-11-10 05:16	alex	Note Added: 0001068
2009-11-10 05:16	alex	Assigned To	alex => !COMMUNITY
2009-11-10 05:16	alex	Status	needs work => needs testing
2009-11-10 05:15	alex	File Added: quote_not_escaped_in_search.patch
2009-11-10 04:31	alex	Relationship added	related to 0000097
2009-10-28 04:44	alex	Reference	http://groups.google.com/group/in-portal-bugs/browse_frm/thread/81868552e0093097 => http://groups.google.com/group/in-portal-bugs/browse_frm/thread/81868552e0093097
2009-10-28 01:44	Dmitry	New Issue
2009-10-28 01:44	Dmitry	Status	active => needs work
2009-10-28 01:44	Dmitry	Assigned To	=> alex
2009-10-28 01:44	Dmitry	Reference	=> http://groups.google.com/group/in-portal-bugs/browse_frm/thread/81868552e0093097

Web Development by Intechnic

In-Portal Open Source CMS