Hello,
This happens in the same context as my other tracks (3029 - 3057).
This is a problem that is completely identified.
In my opinion it is important.
The database has been saved in SQL and loaded with upgraded versions of MySQL and PHP 5.3.2.
There is in my opinion no relation with the system context.
During startup, the current session prefs held in the cache take part in generating the query launched to reinitialize the context of the previous current session.
__A fatal error occurs in tikisession-pdo.php on line 44, function write, statement <$sth->execute();>
PDOException: SQLSTATE[HY093]: Invalid parameter number: no parameters were bound in D:\Trebly\Teawik-ld8-422a\lib\tikisession-pdo.php on line 44__
The var_dump($qry) in the "prepare" function (see my interface in Class TikiDb_Pdo) gives (extract):
''object(PDOStatement)42
public 'queryString' => string 'update sessions set data='need_reload_prefs|b:0;serialized_prefs|a:9:{i:0;s:27:"feature....''
The problem comes from the fact that in the session->data you can find the HOMEPAGE article "title" which is, in this case (French):
s:46:"Page d'accueil spécifique des administrateurs";
so the unescaped " ' " crashes the request.
When the titles of articles (or any text which can occur in prefs or in any query) are stored, the " ' " must be escaped in the database.
- upgrade the database
- upgrade the display of these texts with the escaped " ' "
- upgrade the data transfer to the database, when text is obtained from forms, to use the escaped " ' "
- set a test on query syntax to catch this error: a simple test for " ' " in the query which displays an error message (because it is impossible to execute a valid, successful query).
Note: Temporarily I have implemented for myself a syntax control and a validation test for " ' " in the query, which escapes the incongruous " ' " with a warning message. This is because with this title the content will not be found... but the query doesn't answer in the right manner.
To execute completely I have suppressed in my test database the " ' " in the titles. This can't be used in an operational config.
This occurs because I use for testing a homepage which depends on the main user group of the user.
So I have several homepages managed as articles with a link to categories.
On his homepage a user can in this way find :
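Added example, not from the report or from Tiki's code: the session write with the value concatenated into the SQL text, beside the same write using bound parameters, which stores the apostrophe without any escaping. The `sesskey` column, the function names and the in-memory SQLite database (standing in for MySQL, so the driver's error text may differ from the one quoted above) are assumptions.

```php
<?php
// Added example, not Tiki's code. The `sesskey` column and both function names are
// hypothetical; SQLite in memory stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sessions (sesskey TEXT PRIMARY KEY, data TEXT)');
$pdo->exec("INSERT INTO sessions (sesskey, data) VALUES ('abc123', '')");

// Constructed session payload carrying the title quoted in the report.
$title = "Page d'accueil spécifique des administrateurs";
$data  = 'need_reload_prefs|b:0;serialized_prefs|' . serialize([$title]);

// Before: the value is pasted into the SQL text, so the apostrophe in the
// title closes the string literal early and the rest is parsed as SQL.
function writeConcatenated(PDO $pdo, string $key, string $data): bool
{
    $sql = "UPDATE sessions SET data='$data' WHERE sesskey='$key'";
    try {
        return $pdo->prepare($sql)->execute();
    } catch (PDOException $e) {
        echo 'concatenated write failed: ', $e->getMessage(), PHP_EOL;
        return false;
    }
}

// After: the SQL text is constant and the value travels as a bound
// parameter, so its content can never change how the statement is parsed.
function writeBound(PDO $pdo, string $key, string $data): bool
{
    $sth = $pdo->prepare('UPDATE sessions SET data = :data WHERE sesskey = :key');
    return $sth->execute([':data' => $data, ':key' => $key]);
}

var_dump(writeConcatenated($pdo, 'abc123', $data));
var_dump(writeBound($pdo, 'abc123', $data));

// Read the row back and confirm the title survived byte for byte.
$stored = $pdo->query("SELECT data FROM sessions WHERE sesskey = 'abc123'")->fetchColumn();
var_dump($stored === $data);
```

With bound parameters the title is stored unmodified, so nothing has to be escaped in the database or unescaped on display.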