
debugging problematic query triggered by category related plugin

codegrunt New
edited January 2011 in Vanilla 2.0 - 2.8
Howdy. I am currently trying to create a custom skin for Vanilla that is closer in behaviour to a traditional forum (a la phpBB, vBulletin, etc.). Since I am new to Vanilla, I decided to try out the "Categories2DiscussionsMenu" module to see how it handles grabbing the master category list. After installing it nothing seemed to have changed. Looking at the source I see the following:

$Sender->CategoryModel = new CategoryModel();
$this->_CategoryData = $Sender->CategoryModel->GetFull();

I added a var_dump($this->_CategoryData) call to see what was returned and noticed that a bogus query was being generated:

select c.Name as `Name`, c.CategoryID as `CategoryID`, c.Description as `Description`, c.CountDiscussions as `CountDiscussions`, c.UrlCode as `UrlCode`, p.CategoryID as `ParentCategoryID`, p.Name as `ParentName` from GDN_Category c left join GDN_Category p on c.ParentCategoryID = p.CategoryID where c.AllowDiscussions = :cAllowDiscussions and 1 = 1 order by c.Sort asc

So the issue is that the CategoryModel object is somehow having its behaviour affected such that a garbage query is generated. I looked at class.CategoryModel.php and the query looks reasonable (and is used elsewhere) so I am a bit confused as to what is mangling the query.

One possibility would be the NamedParameter method in "class.sqldriver.php":

$NiceName = ':'.preg_replace('/([^\w\d_-])/', '', $Name);

My guess is that the problem is with how the query is built up in the MySQL class itself but I am hoping someone else has already cracked this nut. Any suggestions on how to track this down would be appreciated.


PS: heads up to @oliverraduner who is the author of the actual plugin.


  •
    Just following up on this. The issue definitely appears to be that "c.AllowDiscussions" is getting treated as a named parameter for a prepared statement by the SQL driver. So I am guessing that a query somewhere is passing the wrong value for the $SQL->Set() method or Vanilla is supposed to be using prepared statements here but the plugin is getting called before they are set up properly.

    Any assistance appreciated.

  •
    Ok, I just updated PHP from 5.3.1 to 5.3.5 and the content is being rendered so this looks like an oddity with my PHP install. Now I just need to sort out the CSS issue that stops the menu from displaying. . .
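
The `:cAllowDiscussions` token in the dumped query is what the regex line quoted in the first post produces from `c.AllowDiscussions`, that is, a prepared-statement placeholder, as the follow-up comment identifies. The example below is added here and is not from the thread or from Vanilla's code; it shows that derivation and how the value is bound separately with PDO. `named_parameter()`, `categories_allowing()`, the SQLite table and its rows are constructed for illustration.

```php
<?php
// Hypothetical helper built around the regex line quoted in the thread;
// not Vanilla's actual NamedParameter method.
function named_parameter(string $name): string
{
    // Drops every character except letters, digits, "_" and "-".
    return ':' . preg_replace('/([^\w\d_-])/', '', $name);
}

// Runs the category filter with the value bound at execute time.
function categories_allowing(PDO $pdo, string $value): array
{
    $column = 'c.AllowDiscussions';
    $placeholder = named_parameter($column);   // ":cAllowDiscussions"
    $sql = "select c.CategoryID as CategoryID, c.Name as Name from GDN_Category c "
         . "where $column = $placeholder and 1 = 1 order by c.Sort asc";
    echo $sql, PHP_EOL;                        // the text a debug dump shows
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$placeholder => $value]);  // value sent separately from the SQL text
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample table and rows in an in-memory SQLite database
// (assumption: the pdo_sqlite extension is available).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('create table GDN_Category (CategoryID integer, Name text, AllowDiscussions text, Sort integer)');
$pdo->exec("insert into GDN_Category values (1, 'General', '1', 2), (2, 'Archive', '0', 1), (3, 'News', '1', 1)");

// Matching rows come back ordered by Sort: News, then General.
print_r(categories_allowing($pdo, '1'));

// A value containing quotes and SQL keywords is compared as a plain string,
// so it matches no row and cannot change the statement.
print_r(categories_allowing($pdo, "1' or '1'='1"));
```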