Home Downloads Forums Shop FAQs Blog Contact Demo Login
Home
/
Forums

ChronoForms v8 is now WordPress ready, ChronoMails is out

The JED needs volunteers!

Forums

Wrong Escaping of CONCAT_WS()/CONCAT() statement in data read

WordPress ChronoForms v7
Co
Collie-IT 05 Aug, 2020
Dear Support,
there is an escapping issue on database read.
CONCATE/CONCATE_WS added strings to getther. I will generate a string of name und adress of a customer. 
CONCAT_WS("-", client.firstname , client.lastname);
https://www.w3schools.com/sql/func_mysql_concat_ws.asp

If I use the data read querry fields function there is a escaping that fires worng. 

SELECT CONCAT_WS(`client`.`"-",` client.Firstname,  client.Lastname) AS `client.clientname`,

Is there a posibility to fix this?

Best regards
Collie-IT
Co
Collie-IT 05 Aug, 2020
I tracked the issue to the _fields wp-content\plugins\chronoforms7\chronog3\libs\model.php Line 120 and following
public function quote($string, $type = 'field', $addAlias = true){
the function will be recursiv called on line 142
return str_replace($field_name, $this->quote($field_name, 'field'), $string);
and returns the wrong results then.
he
healyhatman 06 Aug, 2020
What happens when you use single quotes instead of double
Co
Collie-IT 06 Aug, 2020
It will return the same issue. Because there is a check if a >.< is in.
 if(strpos($string, '.') !== false

I have updated quote as following to get it working. But it is not so pritty feel free to make it better.
public function quote($string, $type = 'field', $addAlias = true){
 if($type == 'field'){
 
   if($string == '*'){
     return $string;
   }
    
   if(strpos($string, '(') === 0){
     return $this->_cleanString($string);
   }
 
  
   if(strpos($string, '(') !== false){
 
     preg_match('/[(](.*)[)]/', $string, $field_name);
 
     if(!empty($field_name[1])  && strpos($string, "'") === false && strpos($string, '"') === false){
 
        $field_name = $field_name[1];
        $pieces = explode(' ', $field_name);
        if(count($pieces) > 1){
          $field_name = array_shift($pieces);
        }
 
        return str_replace($field_name, $this->quote($field_name, 'field'), $string);
 
     }
   }
 
   
   if(strpos($string, '.') !== false  && strpos($string, "'") === false && strpos($string, '"') === false){
     
 
     $strings = explode('.', $string, 2);
     $strings[0] = $this->dbo->quoteName($strings[0]);
     $strings[1] = ($strings[1] == '*') ? $strings[1] : $this->dbo->quoteName($strings[1]);
     return implode('.', $strings);
    }else{
 
      if($addAlias AND !empty($this->alias ) ){
        if(  strpos($string, "'") === false && strpos($string, '"') === false){
           return $this->quote($this->_addAlias($string));
        }else{
           return $string;
        }
      }else{
        return $this->dbo->quoteName($string);
      }
    }
 }else if($type == 'alias'){
    if(!empty($this->alias) AND strpos($string, '.') === false){
      return $this->quote($this->_addAlias($string), 'alias');
     }
     
    $strings = explode('.', $string);
    if(count($strings) > 2){
      return $this->dbo->quoteName(array_shift($strings)).'.'.$this->dbo->quoteName(implode('.', $strings));
    }else{
      return $this->dbo->quoteName($string);
    }
 }else if($type == 'table'){
    return $this->dbo->quoteName($string);
 }else if($type == 'value'){
    return $this->dbo->quote($string);
 }
}
This topic is locked and no more replies can be posted.

VPS & Email Hosting 20% discount
hostinger

Terms Of Use Privacy Policy Business Partners

We accept paypal logo  stripe logo

© 2006 - 2025 ChronoEngine.com