TP-Docs
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

Welcome to TinyPortal. Please login or sign up.

December 11, 2024, 07:25:55 AM

Login with username, password and session length
Members
Stats
  • Total Posts: 195,443
  • Total Topics: 21,252
  • Online today: 88
  • Online ever: 6,457 (November 30, 2024, 02:40:09 PM)
Users Online
  • Users: 0
  • Guests: 59
  • Total: 59

Apostrophes not escaped in portal search?

Started by Oldiesmann, January 19, 2023, 04:05:31 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Oldiesmann

Found this in the forum error log. Not sure how the user got this point as I don't have any articles on this site and no search block of any kind, but figured I'd pass the info on anyway. Looks like they were looking for a topic ("What's for Dinner" is a topic in the forum)

Link to my forum: https://www.seniorsandfriends.org
SMF version: SMF 2.1.3
TP version: TP 2.2.2
Default Forum Language: English
Theme name and version: Curve2
Browser Name and Version: Firefox 108.0.2
Mods installed: TinyPortal, SMF Gallery, Pretty URLs, Optimus, Country Flags
Related Error messages:

Database Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's for dinner%' OR a.body LIKE '%what's for dinner%'
        AND ((a.pub_star...' at line 4


        SELECT a.id, a.date, a.views, a.subject, a.body AS body, a.author_id AS author_id, a.type, m.real_name AS real_name
        FROM smf_tp_articles AS a
        LEFT JOIN smf_members as m ON a.author_id = m.id_member
        WHERE a.subject LIKE '%what's for dinner%' OR a.body LIKE '%what's for dinner%'
        AND ((a.pub_start = 0 AND a.pub_end = 0)
            OR (a.pub_start != 0 AND a.pub_start < 1674052744 AND a.pub_end = 0)
            OR (a.pub_start = 0 AND a.pub_end != 0 AND a.pub_end > 1674052744 )
            OR (a.pub_start != 0 AND a.pub_end != 0 AND a.pub_end > 1674052744 AND a.pub_start < 1674052744))
        AND a.off = 0
        ORDER BY  a.date DESC LIMIT 20 OFFSET 0

File/line: Sources/TPSearch.php, line 197