OrdaSoft forum
Error duplicating gallery of OS Image Gallery Pro (0 viewing)
Joomla Gallery Support
Favoured: 0
|
Error duplicating gallery of OS Image Gallery Pro
Error duplicating gallery of OS Image Gallery Pro 4 Years ago
Karma: 0
Purchased the Pro version only yesterday (01-Apr-2020).
When I try to duplicate an existing image gallery, in order to have the same gallery settings as the original gallery, I get the following error from Joomla! 3.9.16:
An error has occurred.
[1064] You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's","load_more_background":"rgba(14, 43, 24, 1)","facebook_enable":1,"googleplus_' at line 2
[Return to Control Panel]
The error happens when using PHP 7.3 but also with PHP 7.2.
When I try to duplicate an existing image gallery, in order to have the same gallery settings as the original gallery, I get the following error from Joomla! 3.9.16:
An error has occurred.
[1064] You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's","load_more_background":"rgba(14, 43, 24, 1)","facebook_enable":1,"googleplus_' at line 2
[Return to Control Panel]
The error happens when using PHP 7.3 but also with PHP 7.2.
Logged
The administrator has disabled public write access.
Re:Error duplicating gallery of OS Image Gallery Pro 4 Years ago
Karma: 101
Hello
Could you give to us
full FTP and supper admin access
and our team will find solution special for You, FTP and admin access You can send to our contact form.
ordasoft.com/contact-us-form
We need:
Link to website.
Detail description: How reproduce error. Step by step. Detail description: how we may reproduce this.
Site Super Admin:
username
password
FTP:
FTP host
FTP username
FTP password
Thanks,
OrdaSoft team.
P.S. Please do site backup 2 times per month
Could you give to us
full FTP and supper admin access
and our team will find solution special for You, FTP and admin access You can send to our contact form.
ordasoft.com/contact-us-form
We need:
Link to website.
Detail description: How reproduce error. Step by step. Detail description: how we may reproduce this.
Site Super Admin:
username
password
FTP:
FTP host
FTP username
FTP password
Thanks,
OrdaSoft team.
P.S. Please do site backup 2 times per month
Logged
The administrator has disabled public write access.
Re:Error duplicating gallery of OS Image Gallery Pro 4 Years ago
Karma: 0
I have solved the problem myself and I am sharing my solution with you (very kind isn't it?).
Your version OS_Gallery_package_pro_5_1_2020_03_02.zip cannot handle parameters that contain the apostrophe character (ascii #39 printed as ' ). I expect that there are also other characters that will throw an error.
Some European languages use these special characters very often (for example English and French).
Anyway, the apostrophe in the gallery name was causing the error!
Your database code is somewhat 'messy' and also contains a SECURITY RISK, because you are not escaping the DB query string! This makes the code prone to SQL injection.
The problem was in the file
/administrator/components/com_osgallery/helpers/osGalleryHelperAdmin.php
lines 1094 and 1095
The lines read:
FIX: use the Joomla! core function $db->escape() this will escape the query string.
> instead of $oldGalData->title you must use $db->escape($oldGalData->title)
> instead of $oldGalData->published you must use $db->escape($oldGalData->published)
> instead of $oldGalData->params you must use $db->escape($oldGalData-> params)
> you should NOT use the 'new line' character (backslash)n and you should code the whole $query assignment in one line OR do it properly with adding to the variable in the next line like '$query .= ......'.
WARNING: There are more instances in your code where you are writing to the DB and fail to make the query SQL SAFE. You should check all the 'INSERT INTO' and 'UPDATE #__' instances.
Please note that I only checked the above mentioned file. You should review ALL your code.
My problem is now solved!
At your service and kind regards.
Your version OS_Gallery_package_pro_5_1_2020_03_02.zip cannot handle parameters that contain the apostrophe character (ascii #39 printed as ' ). I expect that there are also other characters that will throw an error.
Some European languages use these special characters very often (for example English and French).
Anyway, the apostrophe in the gallery name was causing the error!
Your database code is somewhat 'messy' and also contains a SECURITY RISK, because you are not escaping the DB query string! This makes the code prone to SQL injection.
The problem was in the file
/administrator/components/com_osgallery/helpers/osGalleryHelperAdmin.php
lines 1094 and 1095
The lines read:
| Code: |
|
FIX: use the Joomla! core function $db->escape() this will escape the query string.
> instead of $oldGalData->title you must use $db->escape($oldGalData->title)
> instead of $oldGalData->published you must use $db->escape($oldGalData->published)
> instead of $oldGalData->params you must use $db->escape($oldGalData-> params)
> you should NOT use the 'new line' character (backslash)n and you should code the whole $query assignment in one line OR do it properly with adding to the variable in the next line like '$query .= ......'.
WARNING: There are more instances in your code where you are writing to the DB and fail to make the query SQL SAFE. You should check all the 'INSERT INTO' and 'UPDATE #__' instances.
Please note that I only checked the above mentioned file. You should review ALL your code.
My problem is now solved!
At your service and kind regards.
Logged
The administrator has disabled public write access.
Re:Error duplicating gallery of OS Image Gallery Pro 4 Years ago
Karma: 101
Hi
and I am sharing my solution with you
Thank you, we will add this to our versions
SECURITY RISK
Now images and Images info to OS Image Gallery add admin.
So if it will wish kill self site, he have more simply methods
Regards
OrdaSoft team
and I am sharing my solution with you
Thank you, we will add this to our versions
SECURITY RISK
Now images and Images info to OS Image Gallery add admin.
So if it will wish kill self site, he have more simply methods
Regards
OrdaSoft team
Logged
The administrator has disabled public write access.
 |
we support payment systems
