Defect #29401

closed

Completed 500 Internal Server Error / ActionView::Template::Error

Added by Jean Louis over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Forums
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:

Description

Hi Redmine Team,

I don't know if this bug has already been reported or fixed, but I have a 500 error when I try to view a topic which has a quote character (') in its title.
In the log files, I see an SQL request with a "like" and my topic title in many words, and a "like" with an unescaped quote (!). I think this is the reason for the bug.
I don't know if the bug is caused by one of my plugins.

So here are some of the log files, my production Redmine version and the list of my installed plugins. I cannot give more because it's a professional server.

My Redmine environment and plugins:

Environment:
  Redmine version                3.4.5.stable
  Ruby version                   2.3.3-p222 (2016-11-21) [x86_64-linux-gnu]
  Rails version                  4.2.8
  Environment                    production
  Database adapter               Mysql2
SCM:
  Subversion                     1.9.5
  Git                            2.11.0
  Filesystem                     
Redmine plugins:
  additionals                    2.0.10
  clipboard_image_paste          1.12
  collapsed_journals             0.0.3
  redmine_changelog              0.0.1
  redmine_checklists             3.1.11
  redmine_ckeditor               1.1.5
  redmine_contacts               4.1.2
  redmine_default_assign         0.6
  redmine_dmsf                   1.6.1
  redmine_favourite_projects     0.10
  redmine_per_project_formatting 0.0.4
  redmine_questions              0.0.7
  redmine_wiki_unc               0.0.3
  select_to_select2              0.1.0
  sidebar_hide                   0.0.8
  wiki_issue_fields              0.5.6

Extract of anonymised logs, see the unescaped quote character in the last "like":

Completed 200 OK in 1796ms (Views: 1563.6ms | ActiveRecord: 192.2ms)
Started GET "/boards/11/topics/61-***********-**-*-****-********" for **.**.***.* at 2018-08-17 11:12:22 +0200
Processing by MessagesController#show as HTML
  Parameters: {"board_id"=>"11", "id"=>"61-***********-**-*-****-********"}
  Current user: ***** (id=4)
  Rendered attachments/_form.html.erb (3.1ms)
  Rendered plugins/redmine_questions/app/views/messages/_form.html.erb (6.2ms)
  Rendered plugins/redmine_questions/app/views/messages/show.html.erb within layouts/base (29.5ms)
Completed 500 Internal Server Error in 120ms (ActiveRecord: 73.0ms)

ActionView::Template::Error (Mysql2::Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '****-********%')' at line 1: SELECT `messages`.* FROM `messages` WHERE (subject LIKE '%***********%' OR subject LIKE '%**%' OR subject LIKE '%*'*************%')):
    127:     <%#  Board.all.map(&:topics).flatten.first(5).each do |topic| %>
    128:     <% tokens = @topic.subject.strip.scan(%r{((\s|^)"[\s\w]+"(\s|$)|\S+)}).collect {|m| m.first.gsub(%r{(^\s*"\s*|\s*"\s*$)}, '')} || "" %>
    129:     <% if ActiveRecord::VERSION::MAJOR >= 4 %>
    130:       <% related_topics = Message.where(tokens.map{ |t| "subject LIKE '%#{t}%'" }.join(' OR ')).to_a.compact if tokens %>
    131:     <% else %>
    132:       <% related_topics = Message.search(tokens, @project, :limit => 5)[0].select{|m| m != @topic && m.parent_id == nil }.compact if tokens %>
    133:     <% end %>
  plugins/redmine_questions/app/views/messages/show.html.erb:130:in `block in _99e0afdb384a5cb363757c730c2215d6'
  plugins/redmine_questions/app/views/messages/show.html.erb:105:in `_99e0afdb384a5cb363757c730c2215d6'
  lib/redmine/sudo_mode.rb:63:in `sudo_mode'
  plugins/redmine_dmsf/lib/redmine_dmsf/webdav/custom_middleware.rb:62:in `call'

Jean-Louis, a French user.
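The traceback pins the failure to line 130 of the plugin's show.html.erb, where topic-subject tokens are interpolated directly into `LIKE '%...%'` clauses. A quote in the subject ends the string literal early, which is the MariaDB syntax error above; the same construction would also accept any other SQL a user can type into a topic title. The following is an added example, not code from the Redmine issue or from the redmine_questions plugin: it reproduces the tokenizer and the interpolating builder from the trace in plain Ruby, shows a quick check for the unterminated-literal symptom, and contrasts them with a builder that returns `?` placeholders plus bind values (the shape `Message.where(sql, *binds)` takes). `escape_like` is a stand-in written here to mirror the behaviour of ActiveRecord's `sanitize_sql_like`; the sample subject is constructed.

```ruby
# Added example (not part of the Redmine issue or the redmine_questions plugin):
# reproduces the related-topics lookup from the traceback in plain Ruby and
# contrasts it with a bind-parameter version. Sample subjects are constructed.

# Same tokenizer as show.html.erb line 128 in the trace: quoted phrases stay
# together, everything else splits on whitespace, surrounding quotes dropped.
def tokenize(subject)
  subject.strip.scan(%r{((\s|^)"[\s\w]+"(\s|$)|\S+)}).collect do |m|
    m.first.gsub(%r{(^\s*"\s*|\s*"\s*$)}, '')
  end
end

# Vulnerable builder, equivalent to line 130 in the trace: tokens are
# interpolated straight into the SQL string. A single quote inside a token
# terminates the literal early, which is what produced the Mysql2::Error.
def vulnerable_where(tokens)
  tokens.map { |t| "subject LIKE '%#{t}%'" }.join(' OR ')
end

# Cheap diagnostic for the symptom described in the report: an odd number of
# single quotes means some literal in the statement is unterminated.
def unbalanced_quotes?(sql)
  sql.count("'").odd?
end

# Escapes LIKE metacharacters so a token is matched literally. Written here to
# mirror the behaviour of ActiveRecord's sanitize_sql_like (escape char is a
# backslash); it is not the ActiveRecord method itself.
def escape_like(str, escape_char = "\\")
  pattern = Regexp.union(escape_char, '%', '_')
  str.gsub(pattern) { |x| [escape_char, x].join }
end

# Hardened builder: returns the WHERE fragment with ? placeholders and the
# bind values separately, the shape `Message.where(sql, *binds)` expects.
# User text never touches the SQL string; LIKE wildcards in the token are
# escaped. Returns nil for an empty token list so the caller can skip the query
# (the original `if tokens` guard never fires, because an empty array is truthy).
def safe_where(tokens)
  return nil if tokens.empty?
  sql = (['subject LIKE ?'] * tokens.size).join(' OR ')
  binds = tokens.map { |t| "%#{escape_like(t)}%" }
  [sql, binds]
end

if __FILE__ == $PROGRAM_NAME
  subject = %q{Can't open the "build log"}   # constructed sample topic title
  tokens = tokenize(subject)
  puts "tokens:             #{tokens.inspect}"
  bad = vulnerable_where(tokens)
  puts "interpolated SQL:   #{bad}"
  puts "unbalanced quotes?: #{unbalanced_quotes?(bad)}"
  sql, binds = safe_where(tokens)
  puts "parameterised SQL:  #{sql}"
  puts "bind values:        #{binds.inspect}"
end
```

Run it with `ruby related_topics.rb`: the interpolated string for the sample title carries five single quotes, so the unterminated-literal check fires, while the parameterised form keeps the quote inside a bind value where the driver handles it. Wildcard escaping matters too: without it, a title containing `%` or `_` silently widens the match.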
