In-Portal Issue Tracker - In-Portal CMS
Viewing Issue Advanced Details
1014 [In-Portal CMS] Database bug report always 2011-03-13 05:55 2011-09-19 16:09
alex  
alex  
normal  
closed 5.1.2-B2  
fixed  
 
none 5.1.3-B1  
https://groups.google.com/d/topic/in-portal-bugs/O0Ln5E6E4yY/discussion https://groups.google.com/d/topic/in-portal-bugs/AQ7PqO7GFMo/discussion
Fixes form value not escaped in kLEFTFormatter class
0
0001014: Unable to select user, that has ' in it's username
In-Portal uses formatter classes to transform database values into human readable form and back.

Class kLEFTFormatter in particular is used along with user selectors to convert username selected into ID and back. I've recently discovered, that it doesn't escape value from the form before checking it's presence in database resulting sql error, when username has ' in it.
related to 0000964closed  (5.2.0)alex Improvements to user Login field 
patch left_formatter_sql_error_when_field_contains_single_quote.patch (1,145) 2011-03-13 05:55
http://tracker.in-portal.org/file_download.php?file_id=963&type=bug
Issue History
2011-09-19 16:09 alex Note Added: 0003869
2011-09-19 16:09 alex Status resolved => closed
2011-05-20 03:01 alex Note Added: 0003430
2011-05-20 03:01 alex Status reviewed and tested => resolved
2011-05-20 03:01 alex Fixed in Version => 5.1.3-B1
2011-05-20 03:01 alex Resolution open => fixed
2011-05-20 03:01 alex Assigned To !COMMUNITY => alex
2011-05-20 03:01 alex Changeset attached 5.1.x r14322
2011-04-04 11:49 Dmitry Target Version Icebox => 5.1.3
2011-03-14 05:50 phil Note Added: 0003295
2011-03-14 05:50 phil Status needs testing => reviewed and tested
2011-03-14 05:50 phil Note Deleted: 0003294
2011-03-14 05:49 phil Note Added: 0003294
2011-03-13 06:47 alex Relationship added related to 0000964
2011-03-13 06:44 alex Reference https://groups.google.com/d/topic/in-portal-bugs/O0Ln5E6E4yY/discussion => https://groups.google.com/d/topic/in-portal-bugs/O0Ln5E6E4yY/discussion https://groups.google.com/d/topic/in-portal-bugs/AQ7PqO7GFMo/discussion
2011-03-13 05:58 alex Assigned To => !COMMUNITY
2011-03-13 05:58 alex Developer => alex
2011-03-13 05:58 alex Status active => needs testing
2011-03-13 05:57 alex Reference => https://groups.google.com/d/topic/in-portal-bugs/O0Ln5E6E4yY/discussion
2011-03-13 05:55 alex New Issue
2011-03-13 05:55 alex File Added: left_formatter_sql_error_when_field_contains_single_quote.patch
2011-03-13 05:55 alex Change Log Message => Fixes form value not escaped in kLEFTFormatter class

Notes
(0003295)
phil   
2011-03-14 05:50   
tested GOOD on v510
(0003430)
alex   
2011-05-20 03:01   
Fix committed to 5.1.x branch. Commit Message:

Fixes 0001014: Unable to select user, that has ' in it's username
(0003869)
alex   
2011-09-19 16:09   
Closing, since 5.1.3 release has been released.