Issue:Problem with category containing a single quote character
| Description: | SQL error when using two categories, one containing a single quote character |
| Extension / Version: | DPL / 1.7.9 |
| Type / Status: | Bug / open |
Problem
I use DPL to list all pages that are in two categories, one is "Besoin" (Yes, I'm French) and the other one is the page name.
So I use the option "category=Besoin&{{PAGENAME}}"
When the page name contains a single quote character ', I get an SQL error. The SQL query seems to have 3 different categories : Besoin, the page name to the single quote character and an empty name.
I looked at DynamicPageList2.php, and found a way to solve my problem.
In the section of FILTER PARAMETERS, case category, $sArg contains the value of the option category. But in the case of a page name with a single quote, this character is changed into "& #39;" (with no space between & and #, I added it to bypass HTML interpretation). And the character & is interpreted later as a separator between diferent category names, which is not what is expected...
I corrected the problem in a pragmatic but not really efficient way : I added the line
$sArg = str_replace("& #39;","'",$sArg); (with no space between & and #)
before the line if (strpos($sArg,'&')!==false) {
With this modification (I can't really call it a correction), the dpl query works.
Reply
Thank you for this precise report!
Alas, I can´t reproduce the error in the current version. Please look at Bug Apo and feel free to modify the files until you can produce the error here in this demo wiki. If not - I will be happy and you should use the latest version of DPL. If you are successful I will try to be happy, too - for the greater sake of bug-free software ... ;-)
Gero 17:51, 9 July 2009 (UTC)
