Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Keywords with double quotes can't be removed from keyword list  (Read 7455 times)

0 Members and 1 Guest are viewing this topic.

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de

krkeegan by PM:
Quote from: krkeegan
Sorry I can't post to the dev board and I see you are a frequent contributor and I thought you could post this for me.

I was trying to create a multiword keyword by enclosing the words in double quotes. This wasn't a good idea. Is there a feature to allow for something similar to "Christmas 2004" without having them as two different keywords?

Back to the main problem. The double quotes have really thrown cpg for a loop. I ended up with "Christmas as a keyword and now I can't edit or delete it. I had to use phpAdmin to delete the entries in the database. I guess what I am saying is that there should be a filter to prevent double quotes from being added as a keyword.

Thanks
Kevin
In the future, do not PM dev team members, but post in another sub-board where you can actually post. Make sure to say in your posting that you're refering to the devel version and that you're filing a bug report.
This is a known issue as far as delimiting of keywords is concerned: I agree it would be nice if you could select what char to use a delimiter for keywords, but currently this is simply not possible, and won't be added to cpg1.4.x (as we have a feature freeze).

Testing your report on the issues with not being able to remove keywords that contain double quotes I can confirm your findings: once you have words with double quotes as keywords, keywordmgr.php can't delete them. Will need looking into. Any dev team member care to assign this issue to himself?

Joachim
« Last Edit: April 13, 2005, 08:03:33 am by donnoman »
Logged

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: Keywords with double quotes can't be removed from keyword list
« Reply #1 on: April 08, 2005, 08:48:27 am »

I've found that using connecting characters will keep multi-word keywords together. Like San_Francisco or San-Francisco in the keyword field will work when searching for "San Francisco"

The underscore would make more sense when using it to replace spaces.
Logged

donnoman

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 1615
  • From donovanbray.com
    • Donovan Bray
Re: Keywords with double quotes can't be removed from keyword list
« Reply #2 on: April 10, 2005, 07:39:58 pm »

what if we just made keywords a comma delimited list?
Logged

donnoman

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 1615
  • From donovanbray.com
    • Donovan Bray
Re: Keywords with double quotes can't be removed from keyword list
« Reply #3 on: April 10, 2005, 07:58:46 pm »

what if we just addslashed the data before writing to the db, and after accepting the search criteria and stripslahed before rendering the keywords?
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Keywords with double quotes can't be removed from keyword list
« Reply #4 on: April 10, 2005, 09:15:54 pm »

yeah, must be something along those lines. Please keep in mind that the keywords are being used for the new "link file by keyword" feature as well, so this has to be taken care of when fixing.

Joachim
Logged

donnoman

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 1615
  • From donovanbray.com
    • Donovan Bray
Re: Keywords with double quotes can't be removed from keyword list
« Reply #5 on: April 11, 2005, 01:51:13 am »

Is this fix for 1.4 or should we push it to 1.5?
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Keywords with double quotes can't be removed from keyword list
« Reply #6 on: April 11, 2005, 06:38:55 am »

not sure what you mean. The actual bug (and it is a real bug, you can't remove the keywords at all) should be fixed for cpg1.4 - but that means just the deletion issue, not the whole matter of delimiting keywrds. The structural change "different keyword management" should wait for 1.5

Joachim
Logged

donnoman

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 1615
  • From donovanbray.com
    • Donovan Bray
Re: Keywords with double quotes can't be removed from keyword list
« Reply #7 on: April 12, 2005, 07:48:57 am »

Found the culprit, the problem was in init.inc.php there could be some fallout from the fix.

original gpc processing:
Code: [Select]
// Do some cleanup in GET, POST and cookie data and un-register global vars
$HTML_SUBST = array('&' => '&amp;', '"' => '&quot;', '<' => '&lt;', '>' => '&gt;');
if (get_magic_quotes_gpc()) {
    if (is_array($_POST)) {
        foreach ($_POST as $key => $value) {
            if (!is_array($value))
                $_POST[$key] = strtr(stripslashes($value), $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }

    if (is_array($_GET)) {
        foreach ($_GET as $key => $value) {
            $_GET[$key] = strtr(stripslashes($value), $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }

    if (is_array($_COOKIE)) {
        foreach ($_COOKIE as $key => $value) {
            if (!is_array($value))
                $_COOKIE[$key] = stripslashes($value);
            if (isset($$key)) unset($$key);
        }
    }
    if (is_array($_REQUEST)) {
        foreach ($_REQUEST as $key => $value) {
            if (!is_array($value))
                $_REQUEST[$key] = stripslashes($value);
            if (isset($$key)) unset($$key);
        }
    }
} else {
    if (is_array($_POST)) {
        foreach ($_POST as $key => $value) {
            if (!is_array($value))
                $_POST[$key] = strtr($value, $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }

    if (is_array($_GET)) {
        foreach ($_GET as $key => $value) {
            $_GET[$key] = strtr($value, $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }

    if (is_array($_COOKIE)) {
        foreach ($_COOKIE as $key => $value) {
            if (isset($$key)) unset($$key);
        }
    }
    if (is_array($_REQUEST)) {
        foreach ($_REQUEST as $key => $value) {
            if (!is_array($value))
                $_REQUEST[$key] = strtr($value, $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }
}

The edipics code used POST vars, so they got $HTML_SUBST and the keywords written to the db would be like "&quot;Hello World&quot;"

Keywordmgr.php uses the REQUEST vars, where if you were running with magic_quotes on, the request vars weren't being HTML_SUBT'd. If you had magic_quotes off then it worked fine.

So when it tried to find a match the actual test was "\"Hello" vs "&quot;Hello" which of course was not equiv, so the keyword would never be deleted.

Not "HTML_SUBST"ing the request vars was an oversight, however there may be some implications in the DB if data HAD been written using an unfiltered REQUEST VAR. We will just have to see.

fixed gpc processing:
Code: [Select]
// Do some cleanup in GET, POST and cookie data and un-register global vars
$HTML_SUBST = array('&' => '&amp;', '"' => '&quot;', '<' => '&lt;', '>' => '&gt;');
if (get_magic_quotes_gpc()) {
    if (is_array($_POST)) {
        foreach ($_POST as $key => $value) {
            if (!is_array($value))
                $_POST[$key] = strtr(stripslashes($value), $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }

    if (is_array($_GET)) {
        foreach ($_GET as $key => $value) {
            $_GET[$key] = strtr(stripslashes($value), $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }

    if (is_array($_COOKIE)) {
        foreach ($_COOKIE as $key => $value) {
            if (!is_array($value))
                $_COOKIE[$key] = stripslashes($value);
            if (isset($$key)) unset($$key);
        }
    }
    if (is_array($_REQUEST)) {
        foreach ($_REQUEST as $key => $value) {
            if (!is_array($value))
                $_REQUEST[$key] = strtr(stripslashes($value), $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }
} else {
    if (is_array($_POST)) {
        foreach ($_POST as $key => $value) {
            if (!is_array($value))
                $_POST[$key] = strtr($value, $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }

    if (is_array($_GET)) {
        foreach ($_GET as $key => $value) {
            $_GET[$key] = strtr($value, $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }

    if (is_array($_COOKIE)) {
        foreach ($_COOKIE as $key => $value) {
            if (isset($$key)) unset($$key);
        }
    }
    if (is_array($_REQUEST)) {
        foreach ($_REQUEST as $key => $value) {
            if (!is_array($value))
                $_REQUEST[$key] = strtr($value, $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }
}

fix committed, needs to be tested and marked fixed.
Logged

krkeegan

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 53
  • ahh the life...
    • Kevin's Photos
CPG 1.4 Keyword Double quote error please move
« Reply #8 on: April 13, 2005, 07:41:54 am »

This is in response to this thread

Sorry I am not able to post to the dev board, if an admin could me my post I would appreciate it.

Yes the update to init.inc.php appears to have worked properly. I was able to delete the double quotes as advertised. This is a good fix for this version. I think in the future we should consider double quotes as a method to join keywords, however in the mean time the underscore is a good substitute for this idea.

Thanks

Kevin

Added 4/13/05
In response to the comment by donnoman below. Sorry I can't even reply to messages in the dev board.
« Last Edit: April 13, 2005, 09:05:36 pm by krkeegan »
Logged
There are no stupid questions, only stupid people. -Mr. Mackey, South Park

donnoman

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 1615
  • From donovanbray.com
    • Donovan Bray
Re: Keywords with double quotes can't be removed from keyword list
« Reply #9 on: April 13, 2005, 08:03:15 am »

@krkeegan you should be able to reply to a thread on the bug boards, you just can't make new topics.

Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: CPG 1.4 Keyword Double quote error please move
« Reply #10 on: April 14, 2005, 08:51:09 am »

Added 4/13/05
In response to the comment by donnoman below. Sorry I can't even reply to messages in the dev board.
Please try again.

Joachim
Logged

krkeegan

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 53
  • ahh the life...
    • Kevin's Photos
Re: Keywords with double quotes can't be removed from keyword list
« Reply #11 on: April 14, 2005, 05:59:36 pm »

Yeah I can reply now thanks.

Kevin
Logged
There are no stupid questions, only stupid people. -Mr. Mackey, South Park

errormessage

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: Keywords with double quotes can't be removed from keyword list
« Reply #12 on: July 30, 2005, 09:11:11 pm »

I've read through this thread and replaced the code as indicated.  I still can't delete ANY keyword using the manage keyword tool.  It appears to delete the word, but refreshes with the same keyword.  My inititial mistake was to include a comma after listing keywords (ex. funny, woman, shoes), giving me the following keywords: funny funny, woman woman, shoes shoes,.
Logged

donnoman

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 1615
  • From donovanbray.com
    • Donovan Bray
Re: Keywords with double quotes can't be removed from keyword list
« Reply #13 on: July 31, 2005, 12:55:08 am »

I can't reproduce your problem.  Comma's in the keyword fields is working as expected on my dev install.

Logged

errormessage

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: Keywords with double quotes can't be removed from keyword list
« Reply #14 on: July 31, 2005, 04:04:00 am »

The double words you see in the list are ones I entered in the keywords field with a comma - before I caught the problem.  It may be an anomaly in my case, but nevertheless, the real problem is that I can't delete ANY keywords.  Can keywords be deleted manually, and if so, where are they located?

Thanks,

Rob

  "Christian"   Christian  search for "Christian" in new window
  "Christian,"   Christian,  search for "Christian," in new window
  "Cory"   Cory  search for "Cory" in new window
  "Cory,"   Cory,  search for "Cory," in new window
  "Cristian"   Cristian  search for "Cristian" in new window
  "Danny"   Danny  search for "Danny" in new window
  "doctor"   doctor  search for "doctor" in new window
  "donald"   donald  search for "donald" in new window
  "earring"   earring  search for "earring" in new window
  "Eric"   Eric  search for "Eric" in new window
  "food"   food  search for "food" in new window
  "football"   football  search for "football" in new window
  "Freddy"   Freddy  search for "Freddy" in new window
  "Freddy,"   Freddy,  search for "Freddy," in new window
  "guitar"   guitar  search for "guitar" in new window
  "Jason"   Jason  search for "Jason" in new window
  "Jason,"   Jason,  search for "Jason," in new window
  "Jordan"   Jordan  search for "Jordan" in new window
  "Jordan,"   Jordan,  search for "Jordan," in new window
  "kiss"   kiss  search for "kiss" in new window
  "lake"   lake  search for "lake" in new window
  "Menor,"   Menor,  search for "Menor," in new window
  "Mentor"   Mentor  search for "Mentor" in new window
  "Mentor,"   Mentor,  search for "Mentor," in new window
  "Muki"   Muki  search for "Muki" in new window
  "muscle"   muscle  search for "muscle" in new window
  "muscle,"   muscle,  search for "muscle," in new window
  "muscles"   muscles  search for "muscles" in new window
  "Robert"   Robert  search for "Robert" in new window
  "Robert,"   Robert,  search for "Robert," in new window
  "Sanel"   Sanel  search for "Sanel" in new window
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Keywords with double quotes can't be removed from keyword list
« Reply #15 on: July 31, 2005, 09:18:37 am »

post your version number of include/init.inc.php
Logged
Pages: [1]   Go Up
 

Page created in 0.022 seconds with 19 queries.