Invalid SQL syntax from MenuManager possible
Posted: Sun Aug 05, 2012 10:27 am
Hi dev team,
I noticed an arcane little issue a while after upgrading a site to 1.11. It seems that a MenuManager smarty call with the right 'items' parameter can sometimes result in invalid MySQL syntax. This can happen when one or more of the page aliases in the 'items' parameter list refers to an "inactive" page and certain page templates are used, but not others.
To make this easier to investigate, I put in some effort and found a repeatable test case that reproduces the errors using the sample content & templates included with 1.11. I've listed the steps to reproduce below and included system information, the contents of config.php, and attached a file containing debug output including the mysql error.
Hope this helps.
The steps that I used:
I noticed an arcane little issue a while after upgrading a site to 1.11. It seems that a MenuManager smarty call with the right 'items' parameter can sometimes result in invalid MySQL syntax. This can happen when one or more of the page aliases in the 'items' parameter list refers to an "inactive" page and certain page templates are used, but not others.
To make this easier to investigate, I put in some effort and found a repeatable test case that reproduces the errors using the sample content & templates included with 1.11. I've listed the steps to reproduce below and included system information, the contents of config.php, and attached a file containing debug output including the mysql error.
Hope this helps.
The steps that I used:
- Start with a fresh install of CMSMS 1.11; create tables and load sample content & templates
- On Admin Console Content>>Pages, Add New Content page
Page Alias: test
Template: Simplex
Content: (either of these module calls)Code: Select all
{menu items='home,how-cmsms-works'} {* or *} {cms_module module='MenuManager' action='items' items='home,how-cmsms-works'} - On Admin Console, Content>>Pages, uncheck the Active box for the page with alias 'how-cmsms-works' to make it "inactive"
- In config.php, set $config['debug']=true;
- From the front-end, view page alias 'test' and note the following error in the debugging output:
Code: Select all
(mysqli): SELECT * FROM cms_content_props WHERE content_id IN () ORDER BY content_id Error (1064): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') ORDER BY content_id' at line 1
Contents of config.php:Cms Version: 1.11
Installed Modules:
CMSMailer: 5.2.1
CMSPrinting: 1.0.2
FileManager: 1.4.0
MenuManager: 1.8.2
MicroTiny: 1.2.3
ModuleManager: 1.5.5
News: 2.12.7
Search: 1.7.6
ThemeManager: 1.1.7
Config Information:
php_memory_limit:
process_whole_template:
output_compression:
max_upload_size: 32000000
url_rewriting: none
page_extension:
query_var: page
image_manipulation_prog: GD
auto_alias_content: true
locale:
default_encoding: utf-8
admin_encoding: utf-8
set_names: true
Php Information:
phpversion: 5.3.8
md5_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 0
E_DEPRECATED: 8192
memory_limit: 96M
max_execution_time: 60
output_buffering: 4096
safe_mode: Off (False)
file_uploads: On (True)
post_max_size: 32M
upload_max_filesize: 32M
session_save_path: /home/example/tmp.sessions (0770)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)
Server Information:
Server Api: apache2handler
Server Db Type: MySQL (mysqli)
Server Db Version: 5.5.25
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable
Code: Select all
<?php
# CMS Made Simple Configuration File
# Documentation: /doc/CMSMS_config_reference.pdf
#
$config['debug'] = true;
$config['dbms'] = 'mysqli';
$config['db_hostname'] = 'localhost';
$config['db_username'] = 'xxxxxxxxxx';
$config['db_password'] = 'xxxxxxxxxx';
$config['db_name'] = 'xxxxxxxxxx';
$config['db_prefix'] = 'cms_';
$config['timezone'] = 'America/Chicago';
?>