Bug #36302
Posting a new Issue
| Status: | Rejected | Start date: | 2012-04-18 | |
|---|---|---|---|---|
| Priority: | Could have | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| TYPO3 Version: | 4.5 | Tags: | ||
| PHP Version: | Reporter: | |||
| Has patch: | No | |||
| Votes: | 0 |
Description
ends up in a 403-error at this time.
History
Updated by Gisèle Wendl about 1 year ago
- Project changed from forge.typo3.org to Commenting system (comments)
Posting to Ratings results in 403-Error. I need to post this here, it concerns comments quite a lot:
In class.tx_ratings_ajax.php, function updateRating() is a problem I wonder why it has not been seen before ... It's this:
$GLOBALS['TYPO3_DB']->exec_UPDATEquery('tx_ratings_data', $dataWhere,
array(
'vote_count' => 'vote_count+1',
'rating' => 'rating+' . intval($this->rating),
'tstamp' => time(),
), 'vote_count,rating');
This fails because 'vote_count+1' is sent as literal to the DB (MySQL 5.0/5.1)
by exec_UPDATEquery
$GLOBALS['TYPO3_DB']->sql_query("UPDATE tx_ratings_data SET vote_count=vote_count+1,rating=rating+" . intval($this->rating) .", tstamp=" . time() . " WHERE " . $dataWhere );
This works and should replace the above lines asap - ratings are not possible like this.
Updated by Ingo Renner 5 months ago
- Status changed from New to Rejected
- Patch is reviewed set to No
- Has patch set to No
- TYPO3 Version set to 4.5
belongs to EXT:ratings, but can't move it there since it seems closed.