dtbaker

Posts posted by dtbaker

  1. Found the problem!

    My customer has been trying for a week to insert a product called "Cascade Bonsai Pot" and it has been throwing this cryptic error message:
    " an error occurred while creating object product "
    I upgraded his version of PrestaShop, and it was still causing issues.
    Finally tracked the problem down.

    It's in PrestaShop's query blacklist checker:

     private static $_blacklist = 'UNION|LOAD_FILE|OUTFILE|DUMPFILE|ESCAPED|TERMINATED|CASCADE|INFILE|X509|TRIGGER|REVOKE';
     public static function blacklist(&$query)
     {
        return eregi(self::$_blacklist, $query) ? true : false;
     }
    



    It thinks the "Cascade" in the product name & description is a harmful SQL query!

    The solution is:

    * SHRUG *

    I've just removed "CASCADE" from the blacklist checker so my customer can create this product. Hopefully newer versions of PrestaShop will have a nicer SQL parser, possibly something that strips out all user values between

    "[^"]*" or '[^']*'


    before checking the query?

    Dave
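
The false positive described in the post, and the "strip quoted values before checking" idea, as an added example that is not part of the original post or PrestaShop's code. The function names and sample queries are hypothetical; `preg_match` stands in for `eregi`, which no longer exists in current PHP, and the literal pattern assumes MySQL's default quoting (backslash escapes and doubled quotes). The word-boundary match goes one step beyond what the post suggests.

```php
<?php
// Added example; names are hypothetical, not PrestaShop's API.
const BLACKLIST = 'UNION|LOAD_FILE|OUTFILE|DUMPFILE|ESCAPED|TERMINATED|CASCADE|INFILE|X509|TRIGGER|REVOKE';

// Same behaviour as the quoted check: case-insensitive substring match
// over the whole query, string literals included.
function blacklist_naive(string $query): bool
{
    return preg_match('/' . BLACKLIST . '/i', $query) === 1;
}

// Replace each quoted string literal with an empty literal so that only
// the SQL skeleton is inspected. Handles \' and '' inside literals
// (assumption: MySQL default string syntax).
function strip_literals(string $query): string
{
    $pattern = '/\'(?:[^\'\\\\]|\\\\.|\'\')*+\'|"(?:[^"\\\\]|\\\\.|"")*+"/s';
    // If PCRE fails, fall back to the unstripped query so the check
    // errs on the side of blocking.
    return preg_replace($pattern, "''", $query) ?? $query;
}

// Check keywords only outside literals, and only as whole words.
function blacklist_skeleton(string $query): bool
{
    $skeleton = strip_literals($query);
    return preg_match('/\b(?:' . BLACKLIST . ')\b/i', $skeleton) === 1;
}

// Constructed sample queries (table and column names are made up).
$samples = [
    'product name'   => "INSERT INTO demo_product (name) VALUES ('Cascade Bonsai Pot')",
    'escaped quote'  => "INSERT INTO demo_product (name) VALUES ('Dave\\'s cascade pot')",
    'keyword in SQL' => "SELECT id FROM demo_a UNION SELECT id FROM demo_b",
];

foreach ($samples as $label => $sql) {
    printf(
        "%-15s naive=%s skeleton=%s\n",
        $label,
        var_export(blacklist_naive($sql), true),
        var_export(blacklist_skeleton($sql), true)
    );
}
```

A keyword filter of this kind only reduces false positives; keeping user values out of the query text with bound parameters removes the need to guess where a literal ends.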
