2019-04-24

[#8364] Possible Bug with Quoting in Postgres Backend
Summary Possible Bug with Quoting in Postgres Backend
Queue Kronolith
Queue Version 2.2
Type Bug
State No Feedback
Priority 1. Low
Owners
Requester mws (at) mwsanders (dot) com
Created 2009-06-21 (3594 days ago)
Due
Updated 2009-07-20 (3565 days ago)
Assigned 2009-06-22 (3593 days ago)
Resolved 2009-07-20 (3565 days ago)
Milestone
Patch No

History
2009-07-20 15:46:38 Jan Schneider Summary ⇒ Possible Bug with Quoting in Postgres Backend
State ⇒ No Feedback
 
2009-06-22 12:00:11 Jan Schneider Comment #2
State ⇒ Feedback
Patch ⇒ No
This code is in Horde, not Kronolith. And if your Horde version is as 
old as your Kronolith version, then please update first.
2009-06-21 21:49:29 mws (at) mwsanders (dot) com Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Summary ⇒ Possible Bug with Quoting in Postgress Backend
Queue ⇒ Kronolith
Milestone ⇒
Patch ⇒ Yes
New Attachment: sql.php.bak
There seems to be a quoting issue in the script provided that 
generates the following error message on an Ubuntu distro install with 
the deb packages.  The backend is a PostgreSQL database...

----------- Error Message --------------

  [pid 23811 on line 422 of "/usr/share/horde3/lib/Horde/Share/sql.php"]

Jun 21 15:12:37 HORDE [error] [kronolith] MDB2 Error: no such field: 
_doQuery: [Error message: Could not execute statement]

[Last executed query: SELECT s.*  FROM kronolith_shares s  LEFT JOIN 
kronolith_shares_users AS u ON u.share_id = s.share_id LEFT JOIN 
kronolith_shares_groups AS g ON g.share_id = s.share_id WHERE 
s.share_owner = 'mwsanders' OR (s.perm_creator & 2) <> 0 OR 
(s.perm_default & 2) <> 0 OR ( u.user_uid = 'mwsanders' AND (u.perm & 
2) <> 0) OR ( g.group_uid IN ("2") AND (g.perm & 2) <> 0) ORDER BY 
s.attribute_name ASC]

[Native message: ERROR:  column "2" does not exist

LINE 1: ...ders' AND (u.perm & 2) <> 0) OR ( g.group_uid IN ("2") AND (...

-------------- End Error Message ---------------------



The attached script resolves the issue for this platform, but should 
probably be implemented with a DB->Quote call....   Not a PHP 
programmer....  Don't know if this was already addressed in following 
2.3.x releases.





--------------------  Change in sql.php / @ Line 623 ------------------

/* Old Line ---

                 $where .= ' OR ( g.group_uid IN ("' . implode('","', 
array_keys($groups)) . '")' */

/* New Line */

                $where .= ' OR ( g.group_uid IN (\'' . implode('\',\'', 
array_keys($groups)) . '\')'

---------------------- End change -------------------------------------
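
Review bot: the new line still interpolates array_keys($groups) directly into the SQL string; it only swaps the delimiter from " to '. That stops PostgreSQL from reading "2" as a column name, but a group id containing a single quote would end the literal early and change the statement. Pass each id through the database layer's quoting method before the implode (the DB->Quote call the report itself suggests) or bind the ids as placeholders. Also guard the case where $groups is empty, since this line then emits IN ('').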



Respectfully,

Matthew Wells Sanders
