Details
-
Bug
-
Status: Closed (View Workflow)
-
Blocker
-
Resolution: Fixed
-
3.3.5
-
None
-
None
Description
PHPBB3-16870 introduced a regression in phpBB 3.3.5
The bug in 3.3.5 can be demonstrated with the following migration function that does nothing more than create a JSON-encoded string as a $config variable. The function works correctly in previous versions of phpBB...
public function update_data() |
|
{ return array( array('config.add', array('dd_migrationbug', '\{"A":"101a","B":"102b","C":"103c","D":"104d","E":"105e","F":"106f","G":"107g","H":"108h","I":"109i","J":"110j","K":"111k","L":"112l","M":"113m","N":"114n","O":"115o","P":"116p","Q":"117q","R":"118r","S":"119s","T":"120t"} |
'))
|
);
|
}
|
The issue is in the [c]phpbb/config/db[/c].php file. The [c]set_atomic()[/c] function now contains the following in its INSERT query:
'config_name' => $this->db->sql_escape($key), |
'config_value' => $this->db->sql_escape($new_value), |
All previous versions of phpBB contained the following:
'config_name' => $key, |
'config_value' => $new_value, |
The use of [c]sql_escape()[/c] is incorrect – the [c]sql_build_array()[/c] function also calls this function with strings, which means the string is being double-escaped.
This is creating TON of issues with extensions using migration like my example above..
Hopefully you can amend this. (or maybe revert the ticket/changes? )
Thanks!
Attachments
Issue Links
- was caused by solution of
-
-
- Closed
-