Quibi
2 Dec 2017

Steps to reproduce the issue

I have recently upgraded a site directly from Joomla 3.7.5 to Joomla 3.8.2. Since then, whenever I make a search in the articles view, it raises a SQL error: "500 You have an error in your SQL syntax bla bla bla".

The error is provoked by an empty AND in the WHERE clause. The SQL statement is something like "bla bla WHERE (first condition) AND AND (third condition)". Second condition is empty but an empty AND operator is added.

I have traced the error to lines 270-295 in file "administrator/components/com_content/models/articles.php".

In line 270 filter.category_id is retrieved. Usually it is set to null, but in my system it is set to "" (empty string) —I suspect this is caused by a third-party extension.

In line 278, it is not checked if the $categoryId variable —which contains the value of the filter category_id— is empty. Since count('') == 1, the next block is executed as if $categoryId was not empty and, in line 293, $query->where(implode(' OR ', $subCatItemsWhere)) adds an empty where to the query (because $subCatItemsWhere is empty).

Though this issue is probably caused by a third-party extension, I think that it is always a good idea to check if a variable is empty in PHP (so many bugs come from here).

So, I suggest changing line 278 to something like:

if (!empty(trim($categoryId)) && count($categoryId))

NOTE: this issue cannot be reproduced in a clean installation of Joomla. I think that it is caused by a third-party extension. However, I think that this is an edge case that causes a bug and should be patched.

Expected result

A proper SQL statement even when filter.category_id == ''

Actual result

An empty AND operator in SQL statement when filter.category_id="" caused by third-party extension (probably).

System information (as much as possible)

PHP Built On Darwin Kernel Version 16.7.0
Database Version 5.6.35
Database Collation utf8mb4_general_ci
Database Connection Collation utf8mb4_general_ci
PHP Version 7.0.13
Web Server Apache/2.2.31 (Unix) mod_wsgi/3.5 Python/2.7.13 PHP/7.0.13 mod_ssl/2.2.31 OpenSSL/1.0.2j DAV/2 mod_fastcgi/2.4.6 mod_perl/2.0.9 Perl/v5.24.0
WebServer to PHP Interface apache2handler
Joomla! Version Joomla! 3.8.2 Stable [ Amani ] 7-November-2017 15:00 GMT
Joomla! Platform Version Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT

Additional comments

Thanks a lot
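
The failure mode described in the report above, as an added example that is not part of the original post and is not Joomla's code. It is a simplified model in which the function names, column names and surrounding conditions are assumptions, and it goes slightly beyond the reported case by also covering array filters that contain blank entries.

```php
<?php
// Added example: a simplified model of the pattern in the report, not Joomla's code.

// Mirrors the reported check. (array) '' is [''], so the count is 1,
// the same result count('') gives on the reporter's PHP 7.0.
function categoryConditionNaive($categoryId)
{
    if (!count((array) $categoryId)) {
        return null;
    }
    $parts = [];
    foreach ((array) $categoryId as $id) {
        if (is_numeric($id)) {
            $parts[] = 'a.catid = ' . (int) $id;
        }
    }
    return implode(' OR ', $parts); // '' when nothing qualified
}

// Normalize first: keep only integers or digit-only strings, then decide.
function categoryConditionChecked($categoryId)
{
    $ids = [];
    foreach ((array) $categoryId as $id) {
        if (is_int($id) || (is_string($id) && ctype_digit(trim($id)))) {
            $ids[] = 'a.catid = ' . (int) trim((string) $id);
        }
    }
    // No usable id means no condition at all; the parentheses keep the OR
    // group from changing how the surrounding ANDs bind.
    return $ids ? '(' . implode(' OR ', $ids) . ')' : null;
}

// Hypothetical query assembly: conditions are glued with AND.
function buildWhere(callable $categoryCondition, $filter): string
{
    $where = ['a.state = 1'];
    $cond = $categoryCondition($filter);
    if ($cond !== null) {
        $where[] = $cond;
    }
    $where[] = 'a.title LIKE :search';
    return 'WHERE ' . implode(' AND ', $where);
}

// Constructed filter values: '' is the case from the report.
foreach (['', null, '7', ['3', '', '4']] as $filter) {
    echo json_encode($filter), "\n";
    echo '  naive:   ', buildWhere('categoryConditionNaive', $filter), "\n";
    echo '  checked: ', buildWhere('categoryConditionChecked', $filter), "\n";
}
```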

Quibi - open - 2 Dec 2017
joomla-cms-bot - change - 2 Dec 2017
joomla-cms-bot - labeled - 2 Dec 2017
Quibi - change - 2 Dec 2017
Title
3.8.2 [com_content] Failing search in articles view because of filter.category_id (bad SQL)
[3.8.2] [com_content] Failing search in articles view because of filter.category_id (bad SQL)
Quibi - edited - 2 Dec 2017
csthomas - comment - 2 Dec 2017

Maybe it's related to #18438

Quibi - change - 2 Dec 2017
Status: New → Closed
Closed_Date: 0000-00-00 00:00:00 → 2017-12-02 14:04:48
Closed_By: Quibi
Quibi - close - 2 Dec 2017
Quibi - comment - 2 Dec 2017

Yeah, I think so. Thanks.
