View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0012170 | mantisbt | bugtracker | public | 2010-07-13 23:42 | 2014-09-23 18:05 |
Reporter | ma33 | Assigned To | dregad | ||
Priority | normal | Severity | crash | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.0 | ||||
Target Version | 1.2.12 | Fixed in Version | 1.2.12 | ||
Summary | 0012170: SQL syntax error occurs when sorting it by the custom field where special character is included. | ||||
Description | click link of custom field in view_all_bug_page.php <custom field's name> case2: | ||||
Tags | No tags attached. | ||||
Incorrect behavior is caused by unnecessarily escaping the custom field's name prior to attempting to retrieve its id, which prevents a successful match due to double "te'st" becomes "te\'st" before call to custom_field_get_id_from_name() |
|
Please test proposed fix https://github.com/dregad/mantisbt/tree/fix-12170 |
|
You removed the assignment to $c_field_name, but the variable is used: utf8_strlen( $c_field_name ) |
|
D'oh... Fixed, thanks for testing. |
|
On master branch, the behavior exists as well, although the error message is different (APPLICATION ERROR 1300 - Custom field not found). However, the same fix applies. |
|
Thank you, |
|
Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch |
|
MantisBT: master 9344b945 2012-08-31 03:34 Details Diff |
Fix SQL error when sorting by custom field containing special char Incorrect behavior is due to unnecessary escaping of special chars by calling db_prepare_string() on the custom field's name before attempting to retrieve its id with custom_field_get_id_from_name(). This causes a double-escaping which prevents a match. Even though this is not strictly necessary to fix the issue at hand, this commit also replaces db_query() call by db_query_bound() in custom_field_get_id_from_name(). Fixes 0012170 |
Affected Issues 0012170 |
|
mod - core/custom_field_api.php | Diff File | ||
mod - core/filter_api.php | Diff File | ||
MantisBT: master-1.2.x 6a7db340 2012-08-31 03:38 Details Diff |
Fix SQL error when sorting by custom field containing special char Incorrect behavior is due to unnecessary escaping of special chars by calling db_prepare_string() on the custom field's name before attempting to retrieve its id with custom_field_get_id_from_name(). This causes a double-escaping which prevents a match. Even though this is not strictly necessary to fix the issue at hand, this commit also replaces db_query() call by db_query_bound() in custom_field_get_id_from_name(). Fixes 0012170 |
Affected Issues 0012170, 0015264 |
|
mod - core/custom_field_api.php | Diff File | ||
mod - core/filter_api.php | Diff File |
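
The double-escaping mismatch described in the notes and commit message above, modelled as an added example (Python with sqlite3, not MantisBT's PHP code). `escape_string()` is a hypothetical stand-in for `db_prepare_string()`, the table layout and helper names are assumptions, and the sample names are constructed apart from `te'st`, which is quoted in the issue.

```python
import sqlite3

# Constructed sample names; "te'st" is the value quoted in the issue notes.
SAMPLE_NAMES = ["Severity", "te'st", "back\\slash"]

def escape_string(value):
    """Hypothetical stand-in for a backslash-style escaper such as
    db_prepare_string(): only meant for text spliced into SQL strings."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def make_db(names):
    """In-memory table with an assumed (id, name) layout for custom fields."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE custom_field (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO custom_field (name) VALUES (?)",
                     [(n,) for n in names])
    return conn

def get_id_from_name(conn, name):
    """Bound-parameter lookup: the driver handles quoting, so callers must
    pass the raw, unescaped name."""
    row = conn.execute("SELECT id FROM custom_field WHERE name = ?",
                       (name,)).fetchone()
    return row[0] if row else None

def sort_field_id_buggy(conn, requested):
    # Bug pattern from the issue: escape first, then look up the escaped text.
    return get_id_from_name(conn, escape_string(requested))

def sort_field_id_fixed(conn, requested):
    # Fix: hand the raw name to the lookup and let binding do the quoting.
    return get_id_from_name(conn, requested)

def names_broken_by_escaping(conn, names):
    """Regression check: names the fixed path resolves but the buggy one loses."""
    return [n for n in names
            if sort_field_id_fixed(conn, n) is not None
            and sort_field_id_buggy(conn, n) is None]

if __name__ == "__main__":
    db = make_db(SAMPLE_NAMES)
    for n in SAMPLE_NAMES:
        print(repr(n), sort_field_id_buggy(db, n), sort_field_id_fixed(db, n))
```

Names without quotes or backslashes pass through the escaper unchanged, which is why only custom fields containing special characters failed to resolve.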