phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0009983phplist applicationMessage Managementpublic13-05-07 21:0819-05-15 17:23
Reporterbhugh 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version2.10.2 
Target Version2.10.13Fixed in Version2.10.14 
Summary0009983: parentheses missing in sql statements in stacked criteria code, send_core.php
DescriptionNeeded parentheses seem to be missing in a least a couple of spots (perhaps more!) in send_core.php.

Since "and" statements are evaluated first, the omitted parens gives a wrong answer!

These are around line 713 and line 747 in cases "checkboxgroup" and "checkbox".

        //hmm these seem to need parentheses

// $subqueries[$i]['query'] = sprintf('select userid from %s as table%d where attributeid = %d
// and %s',$GLOBALS['tables']['user_attribute'],$tc,$crit_data['attribute'],$or_clause);

        $subqueries[$i]['query'] = sprintf('select userid from %s as table%d where attributeid = %d
          and ( %s )',$GLOBALS['tables']['user_attribute'],$tc,$crit_data['attribute'],$or_clause);



        //bhugh, 5-2007, hmm these seem to need parentheses
// $subqueries[$i]['query'] = sprintf('select userid from %s as table%d where attributeid = %d
// and %s',$GLOBALS['tables']['user_attribute'],$tc,$crit_data['attribute'],$valueselect);

        $subqueries[$i]['query'] = sprintf('select userid from %s as table%d where attributeid = %d
          and ( %s )',$GLOBALS['tables']['user_attribute'],$tc,$crit_data['attribute'],$valueselect);


There may be other similar places but these are the ones I spotted.
Additional InformationThe result of the buggy code is a query like this:

select userid from phplist_user_user_attribute as table0 where attributeid = 34 and table0.value = "" or table0.value = "0" or table0.value = "off"


Corrected code is like this:

select userid from phplist_user_user_attribute as table0 where attributeid = 34 and ( table0.value = "" or table0.value = "0" or table0.value = "off" )
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to 0015454resolvedmichiel phplist application database error 1064 when stacking attributes in 2.10.12 
related to 0015565new phpList plugins Incorrect record selection in Stacked Criteria 

-  Notes
(0050491)
user4402
16-02-09 13:29

Closing issue because it is too old. If you feel it is still relevant please add again and give the new context. Thanks!
(0051007)
h2b2 (manager)
11-05-10 04:18

Reopened for re-evaluation
(0051141)
spiro (reporter)
09-12-10 12:16

Having done lots of testing with v2.10.12 I found that it did help to solve some record selection issues in stacked attributes when the above parentheses were added. I posted my findings from testing stacked attributes in the following forum post. http://forums.phplist.com/viewtopic.php?f=17&t=34980 [^]
(0051183)
michiel (manager)
28-04-11 17:16

wow, that's quite an old issue. Thanks for reporting and verifying.

http://phplist.svn.sourceforge.net/phplist/?rev=2650&view=rev [^]


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker