[CRM-11582] SQL error when '%1' or '%2' are used in a Smart Group used by the ACL system - CiviCRM Issue Tracker

Details

Type: Bug
Status: Done/Fixed
Priority: Minor
Resolution: Fixed/Completed
Affects Version/s: 4.2.6, 4.2.7
Fix Version/s: 4.3.0
Component/s: CiviCRM Search, Core CiviCRM
Labels:
- acls
- database
- permissions
- search

Description

To reproduce:

Create a smart group out of a search whose criteria starts or ends with a wildcard character (%) followed by the digits 1 or 2. In my case, I was searching a custom field for '%2012'.

Create an ACL giving some group of users permission to view or edit the smart group.

Try to view a contact. A database error will result.

This happens because the SQL wildcard character is also used to indicate parameter replacement when Civi is building queries.

A patch is included to fix the place where I found the bug. However, is this really a larger issue? How does Civi generally avoid the conflict between the SQL wildcard usage of % and the parameter-replacement usage of %?

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

CRM_Contact_BAO_GroupContact.php.patch
2013-01-04 0:54
1 kB
Noah Miller

Issue Links

is blocked by

CRM-12976 In field of type Notes - TextArea, data Input of a $ (dollar sign) followed by one or two digits between 1 and 9 will result in deletion of the numbers.

Done/Fixed

Activity

People

Assignee:

Donald A. Lobo

Reporter:

Noah Miller

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2013-01-04 0:54

Updated:

2013-07-02 18:49

Resolved:

2013-01-11 17:36