View Issue Details

Jump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0005406OXID eShop (all versions)1.06. Search, Tagspublic2013-09-12 13:052013-10-23 09:01
Reporterfinnegan Assigned To 
PrioritynormalSeveritycrashReproducibilityrandom
Status closedResolutionunable to reproduce 
Product Version4.3.2 revision 27884 
Summary0005406: Single quote in tag field crashes MySql engine
DescriptionPreface: I am aware that we are using an outdated version of Oxid EE. We are in the process of updating.
But the problem is so severe that I want to make sure it has been solved in newer versions of Oxid eShop.

We have some products where single quotes have been entered in the tag field in the backend article main tab (e.g. as in the name "Prud'homme"). This generated, as intenden, a clickable tag in the shop frontend with a SEO-encoded link.
From time to time when this link was hit the MySQL engine crashed completely. The last crash was triggered by the search engine Bing.
Steps To ReproduceI am not trying to reproduce this since we are on a live system (managed server).
Additional InformationOS Linux Gentoo
MySQL 5.5.28
PHP 5.2.17
Charset ISO 8859-15

I queried the oxseo table for the SEO link in question and found a heap of escape characters in the field oxstdurl:

index.php?cl=details&anid=XXXXXXXX&listtype=tag&searchtag=d%5C%5C%5C%5C%5C%5C%5C%27someword

%5C is a backslash, it seems as if Oxid would add backslash after backslash
TagsNo tags attached.
ThemeBoth
BrowserAll
PHP Versionany
Database Versionany

Activities

jurate.baseviciene

2013-10-07 10:42

reporter   ~0009130

Reminder sent to: finnegan

Hi,

Sorry, but we can not reproduce the case. Could you please let us know if you still experience same problem on our latest eShop version 4.7.8 - 5.0.8 or demo shop

http://demoshop.oxid-esales.com/EnEd/
http://demoshop.oxid-esales.com/professional-edition/
http://demoshop.oxid-esales.com/community-edition/ ?
maybe some other special options are turned on?


Best regards