Defect #25416
closed
"My account" broken with MySQL 8.0 (keyword admin should be escaped)
% Done: 0%
Resolution: Fixed
Description
Clicking "My account" when using a MySQL database gives the following error:
Completed 500 Internal Server Error in 383ms (ActiveRecord: 12.9ms)

ActionView::Template::Error (Mysql2::Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'admin = 1 AND id <> 4) LIMIT 1' at line 1: SELECT 1 AS one FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND (admin = 1 AND id <> 4) LIMIT 1):
    3: <p><%=l(:field_login)%>: <strong><%= link_to_user(@user, :format => :username) %></strong><br />
    4: <%=l(:field_created_on)%>: <%= format_time(@user.created_on) %></p>
    5:
    6: <% if @user.own_account_deletable? %>
    7: <p><%= link_to(l(:button_delete_my_account), {:action => 'destroy'}, :class => 'icon icon-del') %></p>
    8: <% end %>
    9:
  app/models/user.rb:687:in `own_account_deletable?'
  app/views/my/_sidebar.html.erb:6:in `_app_views_my__sidebar_html_erb___2869233383891145181_70035919334040'
  app/views/my/account.html.erb:57:in `block in _app_views_my_account_html_erb___4301926150472292574_70036033743920'
  app/views/my/account.html.erb:56:in `_app_views_my_account_html_erb___4301926150472292574_70036033743920'
  lib/redmine/sudo_mode.rb:63:in `sudo_mode'
The fix is to add escaping (``) for the admin keyword in the SQL query, like so:
[extmcm@ux310tas001 ~]$ diff user.rb user_fixed.rb 114d113 < validates_length_of :identity_url, maximum: 255 687c686 < (!admin? || User.active.where("admin = ? AND id <> ?", true, id).exists?) --- > (!admin? || User.active.where("`admin` = ? AND id <> ?", true, id).exists?)
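Review bot: The backticks added around admin in the 687c686 change are MySQL-only identifier quoting, and a string condition passed to where goes to the database as written, so this line would stop working on PostgreSQL, where backticks are not identifier quotes. Let the adapter do the quoting instead, for example with hash conditions such as User.active.where(:admin => true).where.not(:id => id), or by building the fragment with self.class.connection.quote_column_name('admin'), so the same code works on every supported database.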
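Review bot: The 114d113 change deletes validates_length_of :identity_url, maximum: 255, which is unrelated to quoting the admin column. Drop that hunk from the patch or justify it separately; as posted, applying the fix would also remove the length validation on identity_url.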