\ in action causes database error

[Oldiesmann]

Not sure this is worth fixing but I thought I'd report it anyway. Saw an error related to this in my forum's error log.


The query that handles finding blocks to show for a specific "action" doesn't escape the action, so a stray \ will cause an error.

Code Select Expand

Database Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '=allpages', access2))

AND (FIND_IN_SET(-1, access))
ORDER BY bar, pos,' at line 9




SELECT * FROM smf_tp_blocks
WHERE off = 0
AND bar != 4
AND (




FIND_IN_SET('actio=signup', access2) OR FIND_IN_SET('actio=signup\', access2) OR FIND_IN_SET('actio=allpages', access2))

AND (FIND_IN_SET(-1, access))
ORDER BY bar, pos, id ASC


This occurs at line 2223 of Sources/TPortal.php


Other than generating a bunch of errors (the DB error followed by 5 "Undefined index: tp_panels" and 5 "in_array() expects parameter 2 to be array, null given" errors), it doesn't cause any problems (SMF just shows a generic error message to the user if they're not an admin), and I can't think of any legitimate reason why you'd have a \ in the action anyway, but it might be a good idea to escape it just in case.

[tino]

what version of TinyPortal are you using? I am struggling to recreate this atm.

I tried action=forum\f but it doesn't throw a error.

[Oldiesmann]

I believe it only occurs when the \ is the last character in the action string. In my case the action that triggered it is "signup\". I'm using TP 1.6.6.

[lurkalot]

I believe it only occurs when the \ is the last character in the action string. In my case the action that triggered it is "signup\". I'm using TP 1.6.6.

Yep that triggers it for me too. I'm running TP 1.6.7

[tino]

Thanks, I think it's fixed in Version 2, I'll move that fix to 1.6.x also.

[lurkalot]

Thanks, I think it's fixed in Version 2, I'll move that fix to 1.6.x also.

Tino, thanks.  I noticed you get about a page full of errors in log in SMF 2.0 when you do this. In SMF 2.1 a different looking error on page when doing this, but about 50 errors in log. 

I'll go check TP 2.0.0

[lurkalot]

Thanks, I think it's fixed in Version 2

Yep I don't have this issue in TP 2.0.0 

[@rjen]

Unfortunately I do find a similar issue in 2.0.0 as well.

tried adding the backslash after a page number... like this
https://test.fjr-club.nl/index.php?cat=Nieuws\
On a test forum running SMF 2.0.17 and TP200.

bam:

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''tpcat=Nieuws\', access2))
AND 1=1
ORDER BY bar, pos, id ASC' at line 4
Bestand: /home/deb77453/domains/fjr-club.nl/public_html/test/Sources/TPBlock.php
Regel: 163

doing the same in 167 with 2.0.17  does not give any errors, so this is a 2.0 issue
alone.
But it does not error on an SMF 2.1 test forum with TP 200

[lurkalot]

Yep.  You're right it does. 

Database Error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''tpage=ebay-rss\', access2) OR FIND_IN_SET('', access2))
AND 1=1
ORDER BY' at line 4
File: /home/vol11_7/byethost7.com/b7_24299229/htdocs/testsite5/Sources/TPBlock.php
Line: 163

[lurkalot]

Same thing happening in downloads as well in TP 1.6.7

action=tpmod;dl\
action=tpmod;dl=item14\

etc

I noticed in TP 2.0.0 though, action=tpmod;dl\ give a,

"An Error Has Occurred!
Unable to load the 'main' template."