Actions

Copy link

Bug #81492

closed

Proper quoting of database identifiers in TypoScript doesn't work with stdWrap insertData

Added by Josef Glatz almost 7 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Must have

Assignee:

Category:

TypoScript

Target version:

Candidate for patchlevel

Start date:

2017-06-07

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

7.0

Tags:

Complexity:

Is Regression:

Yes

Sprint Focus:

Description

Problem/Description¶

The DBAL comaptible

Following TypoScript throws an exception due a wrong generated MySQL command¶

https://github.com/jousch/TYPO3-Distribution/blob/a998a1eed9203ee8c40edc83f9a20996be12d768/app/web/typo3conf/ext/theme/Configuration/TypoScript/Base/Libs/DynamicContent.setupts#L88

lib.dynamicContent = COA
lib.dynamicContent {
    5 = LOAD_REGISTER
    5 {
        colPos.cObject = TEXT
        colPos.cObject {
            field = colPos
            ifEmpty.cObject = TEXT
            ifEmpty.cObject {
                value.current = 1
                ifEmpty = 0
            }
        }
        pageUid.cObject = TEXT
        pageUid.cObject {
            field = pageUid
            ifEmpty.data = TSFE:id
        }
        contentFromPid.cObject = TEXT
        contentFromPid.cObject {
            data = DB:pages:{register:pageUid}:content_from_pid
            data.insertData = 1
        }
        wrap.cObject = TEXT
        wrap.cObject {
            field = wrap
        }
        maxItems.cObject = TEXT
        maxItems.cObject {
            field = maxItems
            ifEmpty =
        }
    }
    20 = CONTENT
    20 {
        table = tt_content
        select {
            includeRecordsWithoutDefaultTranslation = 1
            orderBy = sorting
            where = {#colPos}={register:colPos}
            where.insertData = 1
            pidInList.data = register:pageUid
            pidInList.override.data = register:contentFromPid
            max.data = register:maxItems
            // select.languageField setting is needed if you use this typoscript in TYPO3 < v7
            // languageField = sys_language_uid
        }
        stdWrap {
            dataWrap = {register:wrap}
            required = 1
        }
    }
    90 = RESTORE_REGISTER
}

Exception¶

An exception occurred while executing '
SELECT * 
FROM `tt_content` 
WHERE (
    `tt_content`.`pid` IN (18)) AND (=1) AND (`tt_content`.`sys_language_uid` = 0) AND ((`tt_content`.`deleted` = 0) 
AND (`tt_content`.`t3ver_state` <= 0) AND (`tt_content`.`pid` <> -1) AND (`tt_content`.`hidden` = 0) AND 
(`tt_content`.`starttime` <= 1496779800) AND ((`tt_content`.`endtime` = 0) OR (`tt_content`.`endtime` > 
1496779800)) AND (((`tt_content`.`fe_group` = '') OR (`tt_content`.`fe_group` IS NULL) OR (`tt_content`.`fe_group`
 = '0') OR (FIND_IN_SET('0', `tt_content`.`fe_group`)) OR (FIND_IN_SET('-1', `tt_content`.`fe_group`))))) 
ORDER BY `sorting` ASC': 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '=1) AND (`tt_content`.`sys_language_uid` = 0) AND ((`tt_content`.`deleted` = 0) ' at line 1

The same typoscript is also used by Benji's ext:bootstrap_package. If he/we want to make the DBAL compatible it will of course throw the same error.¶

I'm not that deep into database relevant stuff, but could it something have to do with the insertData stdWrap function?

It seems like https://docs.typo3.org/typo3cms/extensions/core/8.7/Changelog/8.7/Important-80506-DbalCompatibleFieldQuotingInTypoScript.html needs more code/love (#80506).

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Updated by Josef Glatz almost 7 years ago

Related to Task #80506: Enable proper quoting of database fields in Typoscript added

Actions

Copy link

Updated by Josef Glatz almost 7 years ago

Target version changed from next-patchlevel to Candidate for patchlevel

Actions

Copy link

Updated by Georg Ringer almost 7 years ago

Description updated (diff)

Actions

Copy link

Updated by Georg Ringer almost 7 years ago

Status changed from New to Accepted

The problem is that \TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::insertData transforms {#colPos}={register:colPos} into =1 which creates then of course the invalid SQL.

Actions

Copy link

Updated by Gerrit Code Review almost 7 years ago

Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53172

Actions

Copy link

Updated by Gerrit Code Review almost 7 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53172

Actions

Copy link

Updated by Gerrit Code Review almost 7 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53172

Actions

Copy link

Updated by Gerrit Code Review almost 7 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53172

Actions

Copy link

Updated by Gerrit Code Review almost 7 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53172

Actions

Copy link

#10

Updated by Gerrit Code Review almost 7 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53172

Actions

Copy link

#11

Updated by Gerrit Code Review almost 7 years ago

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53277

Actions

Copy link

#12