Keywords with double quotes can't be removed from keyword list Keywords with double quotes can't be removed from keyword list
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Keywords with double quotes can't be removed from keyword list

Started by Joachim Müller, April 08, 2005, 08:45:48 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Joachim Müller

krkeegan by PM:
Quote from: krkeegan
Sorry I can't post to the dev board and I see you are a frequent contributor and I thought you could post this for me.

I was trying to create a multiword keyword by enclosing the words in double quotes. This wasn't a good idea. Is there a feature to allow for something similar to "Christmas 2004" without having them as two different keywords?

Back to the main problem. The double quotes have really thrown cpg for a loop. I ended up with "Christmas as a keyword and now I can't edit or delete it. I had to use phpAdmin to delete the entries in the database. I guess what I am saying is that there should be a filter to prevent double quotes from being added as a keyword.

Thanks
Kevin
In the future, do not PM dev team members, but post in another sub-board where you can actually post. Make sure to say in your posting that you're refering to the devel version and that you're filing a bug report.
This is a known issue as far as delimiting of keywords is concerned: I agree it would be nice if you could select what char to use a delimiter for keywords, but currently this is simply not possible, and won't be added to cpg1.4.x (as we have a feature freeze).

Testing your report on the issues with not being able to remove keywords that contain double quotes I can confirm your findings: once you have words with double quotes as keywords, keywordmgr.php can't delete them. Will need looking into. Any dev team member care to assign this issue to himself?

Joachim

Tranz

I've found that using connecting characters will keep multi-word keywords together. Like San_Francisco or San-Francisco in the keyword field will work when searching for "San Francisco"

The underscore would make more sense when using it to replace spaces.

donnoman


donnoman

what if we just addslashed the data before writing to the db, and after accepting the search criteria and stripslahed before rendering the keywords?

Joachim Müller

yeah, must be something along those lines. Please keep in mind that the keywords are being used for the new "link file by keyword" feature as well, so this has to be taken care of when fixing.

Joachim

donnoman


Joachim Müller

not sure what you mean. The actual bug (and it is a real bug, you can't remove the keywords at all) should be fixed for cpg1.4 - but that means just the deletion issue, not the whole matter of delimiting keywrds. The structural change "different keyword management" should wait for 1.5

Joachim

donnoman

Found the culprit, the problem was in init.inc.php there could be some fallout from the fix.

original gpc processing:

// Do some cleanup in GET, POST and cookie data and un-register global vars
$HTML_SUBST = array('&' => '&amp;', '"' => '&quot;', '<' => '&lt;', '>' => '&gt;');
if (get_magic_quotes_gpc()) {
   if (is_array($_POST)) {
       foreach ($_POST as $key => $value) {
           if (!is_array($value))
               $_POST[$key] = strtr(stripslashes($value), $HTML_SUBST);
           if (isset($$key)) unset($$key);
       }
   }

   if (is_array($_GET)) {
       foreach ($_GET as $key => $value) {
           $_GET[$key] = strtr(stripslashes($value), $HTML_SUBST);
           if (isset($$key)) unset($$key);
       }
   }

   if (is_array($_COOKIE)) {
       foreach ($_COOKIE as $key => $value) {
           if (!is_array($value))
               $_COOKIE[$key] = stripslashes($value);
           if (isset($$key)) unset($$key);
       }
   }
   if (is_array($_REQUEST)) {
       foreach ($_REQUEST as $key => $value) {
           if (!is_array($value))
               $_REQUEST[$key] = stripslashes($value);
           if (isset($$key)) unset($$key);
       }
   }
} else {
   if (is_array($_POST)) {
       foreach ($_POST as $key => $value) {
           if (!is_array($value))
               $_POST[$key] = strtr($value, $HTML_SUBST);
           if (isset($$key)) unset($$key);
       }
   }

   if (is_array($_GET)) {
       foreach ($_GET as $key => $value) {
           $_GET[$key] = strtr($value, $HTML_SUBST);
           if (isset($$key)) unset($$key);
       }
   }

   if (is_array($_COOKIE)) {
       foreach ($_COOKIE as $key => $value) {
           if (isset($$key)) unset($$key);
       }
   }
   if (is_array($_REQUEST)) {
       foreach ($_REQUEST as $key => $value) {
           if (!is_array($value))
               $_REQUEST[$key] = strtr($value, $HTML_SUBST);
           if (isset($$key)) unset($$key);
       }
   }
}


The edipics code used POST vars, so they got $HTML_SUBST and the keywords written to the db would be like "&quot;Hello World&quot;"

Keywordmgr.php uses the REQUEST vars, where if you were running with magic_quotes on, the request vars weren't being HTML_SUBT'd. If you had magic_quotes off then it worked fine.

So when it tried to find a match the actual test was "\"Hello" vs "&quot;Hello" which of course was not equiv, so the keyword would never be deleted.

Not "HTML_SUBST"ing the request vars was an oversight, however there may be some implications in the DB if data HAD been written using an unfiltered REQUEST VAR. We will just have to see.

fixed gpc processing:

// Do some cleanup in GET, POST and cookie data and un-register global vars
$HTML_SUBST = array('&' => '&amp;', '"' => '&quot;', '<' => '&lt;', '>' => '&gt;');
if (get_magic_quotes_gpc()) {
   if (is_array($_POST)) {
       foreach ($_POST as $key => $value) {
           if (!is_array($value))
               $_POST[$key] = strtr(stripslashes($value), $HTML_SUBST);
           if (isset($$key)) unset($$key);
       }
   }

   if (is_array($_GET)) {
       foreach ($_GET as $key => $value) {
           $_GET[$key] = strtr(stripslashes($value), $HTML_SUBST);
           if (isset($$key)) unset($$key);
       }
   }

   if (is_array($_COOKIE)) {
       foreach ($_COOKIE as $key => $value) {
           if (!is_array($value))
               $_COOKIE[$key] = stripslashes($value);
           if (isset($$key)) unset($$key);
       }
   }
   if (is_array($_REQUEST)) {
       foreach ($_REQUEST as $key => $value) {
           if (!is_array($value))
               $_REQUEST[$key] = strtr(stripslashes($value), $HTML_SUBST);
           if (isset($$key)) unset($$key);
       }
   }
} else {
   if (is_array($_POST)) {
       foreach ($_POST as $key => $value) {
           if (!is_array($value))
               $_POST[$key] = strtr($value, $HTML_SUBST);
           if (isset($$key)) unset($$key);
       }
   }

   if (is_array($_GET)) {
       foreach ($_GET as $key => $value) {
           $_GET[$key] = strtr($value, $HTML_SUBST);
           if (isset($$key)) unset($$key);
       }
   }

   if (is_array($_COOKIE)) {
       foreach ($_COOKIE as $key => $value) {
           if (isset($$key)) unset($$key);
       }
   }
   if (is_array($_REQUEST)) {
       foreach ($_REQUEST as $key => $value) {
           if (!is_array($value))
               $_REQUEST[$key] = strtr($value, $HTML_SUBST);
           if (isset($$key)) unset($$key);
       }
   }
}


fix committed, needs to be tested and marked fixed.

krkeegan

#8
This is in response to this thread

Sorry I am not able to post to the dev board, if an admin could me my post I would appreciate it.

Yes the update to init.inc.php appears to have worked properly. I was able to delete the double quotes as advertised. This is a good fix for this version. I think in the future we should consider double quotes as a method to join keywords, however in the mean time the underscore is a good substitute for this idea.

Thanks

Kevin

Added 4/13/05
In response to the comment by donnoman below. Sorry I can't even reply to messages in the dev board.
There are no stupid questions, only stupid people. -Mr. Mackey, South Park

donnoman

@krkeegan you should be able to reply to a thread on the bug boards, you just can't make new topics.


Joachim Müller

Quote from: krkeegan on April 13, 2005, 07:41:54 AM
Added 4/13/05
In response to the comment by donnoman below. Sorry I can't even reply to messages in the dev board.
Please try again.

Joachim

krkeegan

There are no stupid questions, only stupid people. -Mr. Mackey, South Park

errormessage

I've read through this thread and replaced the code as indicated.  I still can't delete ANY keyword using the manage keyword tool.  It appears to delete the word, but refreshes with the same keyword.  My inititial mistake was to include a comma after listing keywords (ex. funny, woman, shoes), giving me the following keywords: funny funny, woman woman, shoes shoes,.

donnoman

I can't reproduce your problem.  Comma's in the keyword fields is working as expected on my dev install.


errormessage

The double words you see in the list are ones I entered in the keywords field with a comma - before I caught the problem.  It may be an anomaly in my case, but nevertheless, the real problem is that I can't delete ANY keywords.  Can keywords be deleted manually, and if so, where are they located?

Thanks,

Rob

 "Christian"   Christian  search for "Christian" in new window
 "Christian,"   Christian,  search for "Christian," in new window
 "Cory"   Cory  search for "Cory" in new window
 "Cory,"   Cory,  search for "Cory," in new window
 "Cristian"   Cristian  search for "Cristian" in new window
 "Danny"   Danny  search for "Danny" in new window
 "doctor"   doctor  search for "doctor" in new window
 "donald"   donald  search for "donald" in new window
 "earring"   earring  search for "earring" in new window
 "Eric"   Eric  search for "Eric" in new window
 "food"   food  search for "food" in new window
 "football"   football  search for "football" in new window
 "Freddy"   Freddy  search for "Freddy" in new window
 "Freddy,"   Freddy,  search for "Freddy," in new window
 "guitar"   guitar  search for "guitar" in new window
 "Jason"   Jason  search for "Jason" in new window
 "Jason,"   Jason,  search for "Jason," in new window
 "Jordan"   Jordan  search for "Jordan" in new window
 "Jordan,"   Jordan,  search for "Jordan," in new window
 "kiss"   kiss  search for "kiss" in new window
 "lake"   lake  search for "lake" in new window
 "Menor,"   Menor,  search for "Menor," in new window
 "Mentor"   Mentor  search for "Mentor" in new window
 "Mentor,"   Mentor,  search for "Mentor," in new window
 "Muki"   Muki  search for "Muki" in new window
 "muscle"   muscle  search for "muscle" in new window
 "muscle,"   muscle,  search for "muscle," in new window
 "muscles"   muscles  search for "muscles" in new window
 "Robert"   Robert  search for "Robert" in new window
 "Robert,"   Robert,  search for "Robert," in new window
 "Sanel"   Sanel  search for "Sanel" in new window

Joachim Müller