Mahara Community

Forums | Mahara Community

Developers /
MySQL/MariaDB reserved Keyword - Possible bug in cron unlock_collections_by_rollover

Ma's profile picture
Ma
Posts: 14

03 June 2022, 23:52

Hello,

I just noticed errors in our logfile with cron unlock_collections_by_rollover. I'm really not sure but I think it is a bug because of the use of the reserved MySQL/MariaDB keyword 'lock' in a sql query which isn't escaped properly.

 

I think the bug got introduced in this commit: https://github.com/MaharaProject/mahara/commit/127de8f2770d605432bc9dfa03f47c400cd7a8be

 

Running core cron unlock_collections_by_rollover
mysqli error: [1064: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'lock = 0
Call stack (most recent first):
  * log_message(string(size 325), integer, true, true) at /var/www/html/mahara.abc.xyz/lib/errors.php:89
  * log_warn(string(size 325)) at /var/www/html/mahara.abc.xyz/lib/errors.php:853
  * SQLException->__construct(string(size 325)) at /var/www/html/mahara.abc.xyz/lib/dml.php:182
  * execute_sql(string(size 298), array(size 1)) at /var/www/html/mahara.abc.xyz/lib/collection.php:2352
  * unlock_collections_by_rollover() at /var/www/html/mahara.abc.xyz/lib/cron.php:201

[WAR] 94 (lib/dml.php:182) Could not execute command: UPDATE "collection" SET lock = 0
[WAR] 94 (lib/dml.php:182)                  WHERE id IN (
[WAR] 94 (lib/dml.php:182)                     SELECT ct.collection FROM "collection_template" ct
[WAR] 94 (lib/dml.php:182)                     JOIN "collection" c ON c.id = ct.collection
[WAR] 94 (lib/dml.php:182)                     WHERE ct.rolloverdate < ?
[WAR] 94 (lib/dml.php:182)                     AND c.lock = 1
[WAR] 94 (lib/dml.php:182)                  )
Call stack (most recent first):
  * execute_sql() at /var/www/html/mahara.abc.xyz/lib/collection.php:2352
  * unlock_collections_by_rollover() at /var/www/html/mahara.abc.xyz/lib/cron.php:201

Robert Lyon's profile picture
Robert Lyon
Posts: 758

Re: MySQL/MariaDB reserved Keyword - Possible bug in cron unlock_collections_by_rollover

07 June 2022, 9:37

Hi Ma,

Thank you for your bug report, however this issue should have been fixed by this patch

https://reviews.mahara.org/c/mahara/+/12075/

Does your code have this fix in place?

Cheers

Robert

Ma's profile picture
Ma
Posts: 14

Re: MySQL/MariaDB reserved Keyword - Possible bug in cron unlock_collections_by_rollover

07 June 2022, 21:33

Hello Robert,

ah okay, our production system is still on version 21.04.5 and that's why we don't have that fix yet. Thanks for pointing that out!

Cheers

3 results