View Issue Details

ID: 0009983
Project: phpList 3 application
Category: Message Management
View Status: public
Last Update: 19-05-15 16:23
Reporter: bhugh
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 2.10.2
Target Version: 2.10.13
Fixed in Version: 2.10.14
Summary: 0009983: parentheses missing in sql statements in stacked criteria code, send_core.php
Description: Needed parentheses seem to be missing in at least a couple of spots (perhaps more!) in send_core.php.

Since "and" statements are evaluated first, the omitted parens give a wrong answer!

These are around line 713 and line 747 in cases "checkboxgroup" and "checkbox".

        //hmm these seem to need parentheses

// $subqueries[$i]['query'] = sprintf('select userid from %s as table%d where attributeid = %d
// and %s',$GLOBALS['tables']['user_attribute'],$tc,$crit_data['attribute'],$or_clause);

        $subqueries[$i]['query'] = sprintf('select userid from %s as table%d where attributeid = %d
          and ( %s )',$GLOBALS['tables']['user_attribute'],$tc,$crit_data['attribute'],$or_clause);



        //bhugh, 5-2007, hmm these seem to need parentheses
// $subqueries[$i]['query'] = sprintf('select userid from %s as table%d where attributeid = %d
// and %s',$GLOBALS['tables']['user_attribute'],$tc,$crit_data['attribute'],$valueselect);

        $subqueries[$i]['query'] = sprintf('select userid from %s as table%d where attributeid = %d
          and ( %s )',$GLOBALS['tables']['user_attribute'],$tc,$crit_data['attribute'],$valueselect);


There may be other similar places but these are the ones I spotted.
Additional Information: The result of the buggy code is a query like this:

select userid from phplist_user_user_attribute as table0 where attributeid = 34 and table0.value = "" or table0.value = "0" or table0.value = "off"


Corrected code is like this:

select userid from phplist_user_user_attribute as table0 where attributeid = 34 and ( table0.value = "" or table0.value = "0" or table0.value = "off" )
Tags: No tags attached.
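
The two queries from the report, run against a small table to show which users the missing parentheses pull in. This is an added example, not phpList code: it assumes SQLite (which, like MySQL, gives AND higher precedence than OR) in place of the MySQL backend, uses bound parameters instead of quoted literals, and the sample rows are constructed.

```python
import sqlite3

# Constructed sample rows: (userid, attributeid, value).
# Attribute 34 is the checkbox from the report; attribute 7 is unrelated.
ROWS = [
    (1, 34, ""),     # unchecked -> should be selected
    (2, 34, "on"),   # checked -> should not be selected
    (3, 34, "0"),    # unchecked -> should be selected
    (4, 7, "0"),     # different attribute -> must not be selected
    (5, 7, "off"),   # different attribute -> must not be selected
    (6, 34, "off"),  # unchecked -> should be selected
]

OR_CLAUSE = "table0.value = ? or table0.value = ? or table0.value = ?"
SELECT = ("select userid from phplist_user_user_attribute as table0 "
          "where attributeid = ? and ")
BUGGY = SELECT + OR_CLAUSE                # parsed as (attr and v1) or v2 or v3
FIXED = SELECT + "( " + OR_CLAUSE + " )"  # attr and (v1 or v2 or v3)


def select_users(query, attributeid=34, values=("", "0", "off")):
    """Run one of the report's queries on the sample rows; return userids."""
    db = sqlite3.connect(":memory:")
    db.execute("create table phplist_user_user_attribute "
               "(userid integer, attributeid integer, value text)")
    db.executemany(
        "insert into phplist_user_user_attribute values (?, ?, ?)", ROWS)
    rows = db.execute(query + " order by userid",
                      (attributeid, *values)).fetchall()
    db.close()
    return [r[0] for r in rows]


def wrongly_selected():
    """Users matched only because the attributeid filter was bypassed."""
    return sorted(set(select_users(BUGGY)) - set(select_users(FIXED)))


if __name__ == "__main__":
    print("buggy:", select_users(BUGGY))
    print("fixed:", select_users(FIXED))
    print("wrongly selected:", wrongly_selected())
```

Users 4 and 5 never had attribute 34 set, yet the unparenthesised query selects them because the second and third OR terms are not constrained by attributeid.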

Relationships

related to 0015454 | resolved | michiel | phpList 3 application | database error 1064 when stacking attributes in 2.10.12
related to 0015565 | new | | phpList 3 plugins | Incorrect record selection in Stacked Criteria

Activities

user4402

16-02-09 13:29

  ~0050491

Closing issue because it is too old. If you feel it is still relevant please add again and give the new context. Thanks!

h2b2

11-05-10 03:18

manager   ~0051007

Reopened for re-evaluation

spiro

09-12-10 12:16

reporter   ~0051141

Having done lots of testing with v2.10.12 I found that it did help to solve some record selection issues in stacked attributes when the above parentheses were added. I posted my findings from testing stacked attributes in the following forum post. http://forums.phplist.com/viewtopic.php?f=17&t=34980

michiel

28-04-11 16:16

manager   ~0051183

wow, that's quite an old issue. Thanks for reporting and verifying.

http://phplist.svn.sourceforge.net/phplist/?rev=2650&view=rev