Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: low to medium priority bug - user name with apostrophe  (Read 4643 times)

0 Members and 1 Guest are viewing this topic.

blueginko

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
low to medium priority bug - user name with apostrophe
« on: July 20, 2005, 07:27:33 pm »

I have a user with an apostrophe in their name, so I thought I should check how it looks in Coppermine. It's a ah, minor (is there a minor show stopepr) but the escape symbol shows before the apostrophe in the name in:

1.  top menu Logout [O\'test]
2.  Profile header bar "O\'test's profile"
(see image for example).

appears correctly (O'test) in but causes issues:

1.  If you create a user album "O'test's album" it's shown correctly.
2.  Memberlist and admin userlist - NOTE however if you click on the users name DB throws an error clearly because of the apostrophe:

While executing query "SELECT pid FROM cpg_pictures WHERE owner_name = 'O'test'" on 0

mySQL error: You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'test'' at line 1.

So, it displays incorrectly in many areas, and will throw an error in a db query because it's not dealt with in the query.



Excellent release thou!  So many issues fixed.

« Last Edit: August 02, 2005, 08:06:45 am by GauGau »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: low to medium priority bug - user name with apostrophe
« Reply #1 on: August 01, 2005, 08:27:54 am »

Confirming this bug:
1.  top menu Logout [O\'test]

2.  Profile header bar "O\'test's profile" (the <title> tag)

3. In http://domain.tld/cpg14x/profile.php?uid=6
Code: [Select]
While executing query "SELECT pid FROM cpg140_pictures WHERE owner_name = 'O'Test'" on 0

mySQL error: You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Test'' at line 1
. The line reads
Code: [Select]
        $result = cpg_db_query("SELECT pid FROM {$CONFIG['TABLE_PICTURES']} WHERE owner_name = '$user_data[user_name]'");, so the $user_data array needs proper escaping


@devs: volunteers?
Logged

Aditya Mooley

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 781
    • My Sweet Home
Re: low to medium priority bug - user name with apostrophe
« Reply #2 on: August 01, 2005, 09:14:31 am »

Updating my devel. Will soon commit fix.
Logged
--- "Its Nice 2 BE Important but its more Important 2 Be NICE" ---
Follow Coppermine on Twitter

Aditya Mooley

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 781
    • My Sweet Home
Re: low to medium priority bug - user name with apostrophe
« Reply #3 on: August 01, 2005, 09:31:17 am »

Fixed and commited to CVS.
Logged
--- "Its Nice 2 BE Important but its more Important 2 Be NICE" ---
Follow Coppermine on Twitter

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: low to medium priority bug - user name with apostrophe
« Reply #4 on: August 02, 2005, 08:06:33 am »

Confirming fix. Thanks for looking into it. Marking thread as "fixed"
Logged

stock

  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 109
Re: low to medium priority bug - user name with apostrophe
« Reply #5 on: September 27, 2005, 08:34:37 pm »

Could someone explain about this.

I am suddenly getting this problem the the escape symbol showing before the single apostrophe in image description, not even in title (I dont use them in titles)

But this is not happening in captions I did earlier.

Why is this suddently happening and what can I do about this?

Thanks

Stock
Logged

stock

  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 109
Re: low to medium priority bug - user name with apostrophe
« Reply #6 on: September 27, 2005, 08:41:48 pm »

Here is what is happening. In fact it puts in three escape symbols!

I have take off read EXif data.

The one further down is where I re-typed it in case the one above was Exif data. I have even tried using the &#and the number code instead of the apostrophe but this is too much as plants need to have apostrophes around a port of the name for official naming purposes, so it's important to get this right.

this is what is happening sometimes (the three)
Aquilegia State Series \\\'Kansas\\\'
(Columbine) on show at
2005 rhs Hampton
Court Palace flower show

this is the re-type:
Aquilegia State Series \'Kansas\' (Columbine) on show at 2005 rhs Hampton Court Palace Flower show

Stock
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: low to medium priority bug - user name with apostrophe
« Reply #7 on: September 28, 2005, 08:09:11 am »

are you requesting support for cpg1.4.x? There is no support yet. If this is suppossed to be a bug report, then post the needed data as suggested in section 0 of the dev docs. Make sure you actually have the most recent cvs checkout of cpg1.4.x when posting here. If you have another version, post on the board that deals with your version!
Logged

stock

  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 109
Re: low to medium priority bug - user name with apostrophe
« Reply #8 on: September 28, 2005, 02:09:07 pm »

sorry I am confused. I searched for the right topic and put this on the end of one posting. I am not 1.4

thanks
Stock
Logged
Pages: [1]   Go Up
 

Page created in 0.02 seconds with 19 queries.