Bug #81492

Proper quoting of database identifiers in TypoScript doesn't work with stdWrap insertData

Added by Josef Glatz over 2 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
TypoScript
Start date:
2017-06-07
Due date:
% Done:

100%

TYPO3 Version:
8
PHP Version:
7.0
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:

Description

Problem/Description

The DBAL comaptible

Following TypoScript throws an exception due a wrong generated MySQL command

https://github.com/jousch/TYPO3-Distribution/blob/a998a1eed9203ee8c40edc83f9a20996be12d768/app/web/typo3conf/ext/theme/Configuration/TypoScript/Base/Libs/DynamicContent.setupts#L88

lib.dynamicContent = COA
lib.dynamicContent {
    5 = LOAD_REGISTER
    5 {
        colPos.cObject = TEXT
        colPos.cObject {
            field = colPos
            ifEmpty.cObject = TEXT
            ifEmpty.cObject {
                value.current = 1
                ifEmpty = 0
            }
        }
        pageUid.cObject = TEXT
        pageUid.cObject {
            field = pageUid
            ifEmpty.data = TSFE:id
        }
        contentFromPid.cObject = TEXT
        contentFromPid.cObject {
            data = DB:pages:{register:pageUid}:content_from_pid
            data.insertData = 1
        }
        wrap.cObject = TEXT
        wrap.cObject {
            field = wrap
        }
        maxItems.cObject = TEXT
        maxItems.cObject {
            field = maxItems
            ifEmpty =
        }
    }
    20 = CONTENT
    20 {
        table = tt_content
        select {
            includeRecordsWithoutDefaultTranslation = 1
            orderBy = sorting
            where = {#colPos}={register:colPos}
            where.insertData = 1
            pidInList.data = register:pageUid
            pidInList.override.data = register:contentFromPid
            max.data = register:maxItems
            // select.languageField setting is needed if you use this typoscript in TYPO3 < v7
            // languageField = sys_language_uid
        }
        stdWrap {
            dataWrap = {register:wrap}
            required = 1
        }
    }
    90 = RESTORE_REGISTER
}

Exception

An exception occurred while executing '
SELECT * 
FROM `tt_content` 
WHERE (
    `tt_content`.`pid` IN (18)) AND (=1) AND (`tt_content`.`sys_language_uid` = 0) AND ((`tt_content`.`deleted` = 0) 
AND (`tt_content`.`t3ver_state` <= 0) AND (`tt_content`.`pid` <> -1) AND (`tt_content`.`hidden` = 0) AND 
(`tt_content`.`starttime` <= 1496779800) AND ((`tt_content`.`endtime` = 0) OR (`tt_content`.`endtime` > 
1496779800)) AND (((`tt_content`.`fe_group` = '') OR (`tt_content`.`fe_group` IS NULL) OR (`tt_content`.`fe_group`
 = '0') OR (FIND_IN_SET('0', `tt_content`.`fe_group`)) OR (FIND_IN_SET('-1', `tt_content`.`fe_group`))))) 
ORDER BY `sorting` ASC': 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '=1) AND (`tt_content`.`sys_language_uid` = 0) AND ((`tt_content`.`deleted` = 0) ' at line 1

The same typoscript is also used by Benji's ext:bootstrap_package. If he/we want to make the DBAL compatible it will of course throw the same error.

I'm not that deep into database relevant stuff, but could it something have to do with the insertData stdWrap function?

It seems like https://docs.typo3.org/typo3cms/extensions/core/8.7/Changelog/8.7/Important-80506-DbalCompatibleFieldQuotingInTypoScript.html needs more code/love (#80506).


Related issues

Related to TYPO3 Core - Task #80506: Enable proper quoting of database fields in Typoscript Closed 2017-03-28

Associated revisions

Revision c8b3703e (diff)
Added by Jigal van Hemert over 2 years ago

[BUGFIX] Skip quoted fields in insertData

While parsing the input value for expressions inside curly brackets
it must skip quoted field names which are also in curly brackets
but start with a '#'.

Resolves: #81492
Related: #80506
Releases: master, 8.7
Change-Id: Ic58fcdcbb68108ac77da746db3e6a442515ce7ea
Reviewed-on: https://review.typo3.org/53172
Tested-by: TYPO3com <>
Reviewed-by: Anja Leichsenring <>
Tested-by: Anja Leichsenring <>
Reviewed-by: Christian Kuhn <>
Tested-by: Christian Kuhn <>

Revision 109e0c02 (diff)
Added by Jigal van Hemert over 2 years ago

[BUGFIX] Skip quoted fields in insertData

While parsing the input value for expressions inside curly brackets
it must skip quoted field names which are also in curly brackets
but start with a '#'.

Resolves: #81492
Related: #80506
Releases: master, 8.7
Change-Id: Ic58fcdcbb68108ac77da746db3e6a442515ce7ea
Reviewed-on: https://review.typo3.org/53277
Tested-by: TYPO3com <>
Reviewed-by: Christian Kuhn <>
Tested-by: Christian Kuhn <>

History

#1 Updated by Josef Glatz over 2 years ago

  • Related to Task #80506: Enable proper quoting of database fields in Typoscript added

#2 Updated by Josef Glatz over 2 years ago

  • Target version changed from next-patchlevel to Candidate for patchlevel

#3 Updated by Georg Ringer over 2 years ago

  • Description updated (diff)

#4 Updated by Georg Ringer over 2 years ago

  • Status changed from New to Accepted

The problem is that \TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::insertData transforms {#colPos}={register:colPos} into =1 which creates then of course the invalid SQL.

#5 Updated by Gerrit Code Review over 2 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53172

#6 Updated by Gerrit Code Review over 2 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53172

#7 Updated by Gerrit Code Review over 2 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53172

#8 Updated by Gerrit Code Review over 2 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53172

#9 Updated by Gerrit Code Review over 2 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53172

#10 Updated by Gerrit Code Review over 2 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53172

#11 Updated by Gerrit Code Review over 2 years ago

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53277

#12 Updated by Jigal van Hemert over 2 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#13 Updated by Benni Mack about 1 year ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF