Login  |  Register
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

Welcome, Guest. Please login or register.
Did you miss your activation email?

January 30, 2023, 11:42:49 PM

Login with username, password and session length
Members
  • Total Members: 3856
  • Latest: Bixby
Stats
  • Total Posts: 193906
  • Total Topics: 21127
  • Online today: 52
  • Online ever: 3540
  • (September 02, 2022, 06:38:54 PM)
Users Online
Users: 1
Guests: 45
Total: 46

Author Topic: Apostrophes not escaped in portal search?  (Read 57 times)

0 Members and 1 Guest are viewing this topic.

Offline Oldiesmann

  • Jr. Member
  • **
  • Posts: 50
    • Cincy Space
Apostrophes not escaped in portal search?
« on: January 18, 2023, 09:05:31 PM »
Found this in the forum error log. Not sure how the user got this point as I don't have any articles on this site and no search block of any kind, but figured I'd pass the info on anyway. Looks like they were looking for a topic ("What's for Dinner" is a topic in the forum)

Link to my forum: https://www.seniorsandfriends.org
SMF version: SMF 2.1.3
TP version: TP 2.2.2
Default Forum Language: English
Theme name and version: Curve2
Browser Name and Version: Firefox 108.0.2
Mods installed: TinyPortal, SMF Gallery, Pretty URLs, Optimus, Country Flags
Related Error messages:

Code: [Select]
Database Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's for dinner%' OR a.body LIKE '%what's for dinner%'
        AND ((a.pub_star...' at line 4


        SELECT a.id, a.date, a.views, a.subject, a.body AS body, a.author_id AS author_id, a.type, m.real_name AS real_name
        FROM smf_tp_articles AS a
        LEFT JOIN smf_members as m ON a.author_id = m.id_member
        WHERE a.subject LIKE '%what's for dinner%' OR a.body LIKE '%what's for dinner%'
        AND ((a.pub_start = 0 AND a.pub_end = 0)
            OR (a.pub_start != 0 AND a.pub_start < 1674052744 AND a.pub_end = 0)
            OR (a.pub_start = 0 AND a.pub_end != 0 AND a.pub_end > 1674052744 )
            OR (a.pub_start != 0 AND a.pub_end != 0 AND a.pub_end > 1674052744 AND a.pub_start < 1674052744))
        AND a.off = 0
        ORDER BY  a.date DESC LIMIT 20 OFFSET 0
File/line: Sources/TPSearch.php, line 197