CiviCRM / CRM-11582

SQL error when '%1' or '%2' are used in a Smart Group used by the ACL system

    Details

      Description

      To reproduce:

      Create a smart group out of a search whose criteria starts or ends with a wildcard character (%) followed by the digits 1 or 2. In my case, I was searching a custom field for '%2012'.

      Create an ACL giving some group of users permission to view or edit the smart group.

      Log in as a member of that ACL-restricted group.

      Try to view a contact. A database error will result.

      This happens because the SQL wildcard character is also used to indicate parameter replacement when Civi is building queries.

      A patch is included to fix the place where I found the bug. However, is this really a larger issue? How does Civi generally avoid the conflict between the SQL wildcard usage of % and the parameter-replacement usage of %?

              People

              • Assignee:
                lobo Donald A. Lobo
                Reporter:
                noah Noah Miller
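The collision described in the report, as an added example that is not part of the original issue and is neither CiviCRM's code nor the attached patch: a simplified positional `%N` substitution corrupts a `LIKE` literal inside a spliced-in clause, shown next to a variant that skips quoted literals. The helper names, the `contact` table and the `custom_7` column are hypothetical.

```php
<?php
// Added illustration: all three helpers are hypothetical, not CiviCRM functions.

// Demo-only quoting; real code must use the database driver's escaping.
function quote_value($value): string {
    return is_int($value) ? (string) $value
                          : "'" . str_replace("'", "''", $value) . "'";
}

// Blind substitution: every "%N" is replaced, including a LIKE wildcard
// followed by digits inside a string literal.
function compose_naive(string $sql, array $params): string {
    $map = [];
    foreach ($params as $n => $value) {
        $map['%' . $n] = quote_value($value);
    }
    return strtr($sql, $map);
}

// Literal-aware substitution: the regex consumes whole single-quoted
// strings first and returns them unchanged, so only a "%N" outside a
// literal is treated as a placeholder. Unknown placeholders are left alone.
function compose_safe(string $sql, array $params): string {
    $pattern = '/\'(?:[^\'\\\\]|\\\\.|\'\')*\'|%(\d+)/';
    return preg_replace_callback($pattern, function (array $m) use ($params) {
        if (($m[1] ?? '') === '') {
            return $m[0];                       // quoted literal: keep as is
        }
        $n = (int) $m[1];
        return array_key_exists($n, $params) ? quote_value($params[$n]) : $m[0];
    }, $sql);
}

// Constructed sample: a WHERE fragment saved from a search for '%2012',
// spliced into a query that also carries %1 and %2 placeholders.
$aclClause = "custom_7 LIKE '%2012'";
$sql = "SELECT id FROM contact WHERE id = %1 AND contact_type = %2 AND ($aclClause)";
$params = [1 => 42, 2 => 'Individual'];

echo compose_naive($sql, $params), "\n";   // the LIKE literal is rewritten
echo compose_safe($sql, $params), "\n";    // the LIKE literal survives intact
```

The literal-aware variant only recognises single-quoted strings; substituting placeholders before a pre-built fragment is appended avoids the collision without parsing the SQL at all.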