HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media


Welcome to TinyPortal. Please login or sign up.

July 21, 2024, 07:23:49 AM

Login with username, password and session length
  • Total Posts: 195,333
  • Total Topics: 21,233
  • Online today: 103
  • Online ever: 3,540 (September 03, 2022, 01:38:54 AM)
Users Online
  • Users: 1
  • Guests: 56
  • Total: 57
  • @rjen

Apostrophes not escaped in portal search?

Started by Oldiesmann, January 19, 2023, 04:05:31 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.


Found this in the forum error log. Not sure how the user got this point as I don't have any articles on this site and no search block of any kind, but figured I'd pass the info on anyway. Looks like they were looking for a topic ("What's for Dinner" is a topic in the forum)

Link to my forum:
SMF version: SMF 2.1.3
TP version: TP 2.2.2
Default Forum Language: English
Theme name and version: Curve2
Browser Name and Version: Firefox 108.0.2
Mods installed: TinyPortal, SMF Gallery, Pretty URLs, Optimus, Country Flags
Related Error messages:

Database Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's for dinner%' OR a.body LIKE '%what's for dinner%'
        AND ((a.pub_star...' at line 4

        SELECT,, a.views, a.subject, a.body AS body, a.author_id AS author_id, a.type, m.real_name AS real_name
        FROM smf_tp_articles AS a
        LEFT JOIN smf_members as m ON a.author_id = m.id_member
        WHERE a.subject LIKE '%what's for dinner%' OR a.body LIKE '%what's for dinner%'
        AND ((a.pub_start = 0 AND a.pub_end = 0)
            OR (a.pub_start != 0 AND a.pub_start < 1674052744 AND a.pub_end = 0)
            OR (a.pub_start = 0 AND a.pub_end != 0 AND a.pub_end > 1674052744 )
            OR (a.pub_start != 0 AND a.pub_end != 0 AND a.pub_end > 1674052744 AND a.pub_start < 1674052744))
        AND = 0

File/line: Sources/TPSearch.php, line 197