Defect #29401 (Closed)
Completed 500 Internal Server Error / ActionView::Template::Error
Description
Hi Redmine Team,
I don't know if this bug has already been reported or fixed, but I get a 500 error when I try to view a topic which has a quote character (') in its title.
In the log files, I see an SQL request with a "like" for each word of my topic title, and one "like" with an unescaped quote (!); I think this is the reason for the bug.
I don't know if the bug is caused by one of my plugins.
So here are some of the log files, my production Redmine version and the list of my installed plugins; I cannot give more because it's a professional server.
My Redmine environment and plugins:
Environment:
  Redmine version                3.4.5.stable
  Ruby version                   2.3.3-p222 (2016-11-21) [x86_64-linux-gnu]
  Rails version                  4.2.8
  Environment                    production
  Database adapter               Mysql2
SCM:
  Subversion                     1.9.5
  Git                            2.11.0
  Filesystem
Redmine plugins:
  additionals                    2.0.10
  clipboard_image_paste          1.12
  collapsed_journals             0.0.3
  redmine_changelog              0.0.1
  redmine_checklists             3.1.11
  redmine_ckeditor               1.1.5
  redmine_contacts               4.1.2
  redmine_default_assign         0.6
  redmine_dmsf                   1.6.1
  redmine_favourite_projects     0.10
  redmine_per_project_formatting 0.0.4
  redmine_questions              0.0.7
  redmine_wiki_unc               0.0.3
  select_to_select2              0.1.0
  sidebar_hide                   0.0.8
  wiki_issue_fields              0.5.6
Extract of the logs, anonymised; see the unescaped quote character in the last "like":
Completed 200 OK in 1796ms (Views: 1563.6ms | ActiveRecord: 192.2ms)
Started GET "/boards/11/topics/61-***********-**-*-****-********" for **.**.***.* at 2018-08-17 11:12:22 +0200
Processing by MessagesController#show as HTML
  Parameters: {"board_id"=>"11", "id"=>"61-***********-**-*-****-********"}
  Current user: ***** (id=4)
  Rendered attachments/_form.html.erb (3.1ms)
  Rendered plugins/redmine_questions/app/views/messages/_form.html.erb (6.2ms)
  Rendered plugins/redmine_questions/app/views/messages/show.html.erb within layouts/base (29.5ms)
Completed 500 Internal Server Error in 120ms (ActiveRecord: 73.0ms)

ActionView::Template::Error (Mysql2::Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '****-********%')' at line 1: SELECT `messages`.* FROM `messages` WHERE (subject LIKE '%***********%' OR subject LIKE '%**%' OR subject LIKE '%*'*************%')):
    127: <%# Board.all.map(&:topics).flatten.first(5).each do |topic| %>
    128: <% tokens = @topic.subject.strip.scan(%r{((\s|^)"[\s\w]+"(\s|$)|\S+)}).collect {|m| m.first.gsub(%r{(^\s*"\s*|\s*"\s*$)}, '')} || "" %>
    129: <% if ActiveRecord::VERSION::MAJOR >= 4 %>
    130: <% related_topics = Message.where(tokens.map{ |t| "subject LIKE '%#{t}%'" }.join(' OR ')).to_a.compact if tokens %>
    131: <% else %>
    132: <% related_topics = Message.search(tokens, @project, :limit => 5)[0].select{|m| m != @topic && m.parent_id == nil }.compact if tokens %>
    133: <% end %>
  plugins/redmine_questions/app/views/messages/show.html.erb:130:in `block in _99e0afdb384a5cb363757c730c2215d6'
  plugins/redmine_questions/app/views/messages/show.html.erb:105:in `_99e0afdb384a5cb363757c730c2215d6'
  lib/redmine/sudo_mode.rb:63:in `sudo_mode'
  plugins/redmine_dmsf/lib/redmine_dmsf/webdav/custom_middleware.rb:62:in `call'
Jean-Louis, a French user.
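Line 130 of the template in the trace above interpolates each title token straight into the SQL string, so a title containing a quote ends the string literal early; the same path would accept any other SQL a title carried, which is why this is an injection bug and not only a crash. The following added example, which is not code from the report or from the redmine_questions plugin, reproduces the template's tokeniser and shows the clause rebuilt as the placeholder-plus-values form that ActiveRecord's `where` accepts; the helper names are mine.

```ruby
# Tokeniser copied from template line 128 in the trace: a double-quoted
# phrase is one token, anything else is split on whitespace.
def topic_tokens(subject)
  subject.strip.scan(%r{((\s|^)"[\s\w]+"(\s|$)|\S+)})
         .map { |m| m.first.gsub(%r{(^\s*"\s*|\s*"\s*$)}, '') }
end

# What template line 130 builds: tokens pasted into the SQL text.
def vulnerable_conditions(subject)
  topic_tokens(subject).map { |t| "subject LIKE '%#{t}%'" }.join(' OR ')
end

# Quick detection of the symptom in the report: an unescaped quote leaves an
# odd number of single quotes in the generated clause.
def balanced_quotes?(sql)
  sql.count("'").even?
end

# Mirrors ActiveRecord's sanitize_sql_like: backslash-escape the LIKE
# metacharacters so a token containing % or _ matches literally.
def escape_like(token, escape = "\\")
  token.gsub(/[\\%_]/) { |c| escape + c }
end

# Returns the argument list for Message.where(...): a placeholder fragment
# plus one bound value per token. The driver quotes the values, so a quote
# (or any SQL) inside a title can no longer alter the statement.
# Template usage (assumption, not the plugin's own code):
#   related_topics = Message.where(*parameterized_conditions(@topic.subject))
def parameterized_conditions(subject)
  tokens = topic_tokens(subject)
  return nil if tokens.empty?
  sql = tokens.map { "subject LIKE ?" }.join(' OR ')
  [sql, *tokens.map { |t| "%#{escape_like(t)}%" }]
end

if __FILE__ == $0
  title = "Can't login"        # constructed sample title with a quote
  puts vulnerable_conditions(title)      # broken: subject LIKE '%Can't%' ...
  p parameterized_conditions(title)      # ["subject LIKE ? OR subject LIKE ?", "%Can't%", "%login%"]
end
```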
Updated by Jean Louis over 6 years ago
- Status changed from New to Resolved
Sorry, the bug is in the "redmine_questions" plugin.
I have updated it from 0.0.7 to 1.0.0 and the bug has disappeared.
Updated by Go MAEDA over 6 years ago
- Status changed from Resolved to Closed
- Priority changed from High to Normal
- Resolution set to Invalid
Thank you for reporting the cause of the problem.