Projects ⇒ Bugs ⇒ #402: Module name mangling in index.php breaks modules ⇒ CPG Dragonfly™ CMS
Bug #402 Module name mangling in index.php breaks modules
Project: Dragonfly 9.0.3 -> 9.3 Category: *CPG Core Issues
Submitted: Thursday, April 07, 2005 (20:11:16) Modified: Monday, April 11, 2005 (23:35:24)
Status: Closed Assigned to:
PHP Version: 4.3.9 HTTPD Server: Apache 2.0

View/Vote Add Comment

by: Brennor
Description:
------------
Postgres Integration:

The name mangling that is done to the $module_name variable in index.php (rev 9.13: line 47), breaks PostgreSQL.

The problem is that with the Surveys module (for example), we have a $module_name of "Surveys", which gets mangled to "surveys". We then try select a row out of _modules (line 59), where the title field matches $module_name.

For some reason MySQL is happy matching "surveys" to "Surveys". Postgres is not (though it is actually settable, but I'd rather not turn off case sensitivity for other reasons). Most other databases aren't either.

I don't know the best way to fix this, since the idea of getting rid of all captial letters is a good one.

Reproduce code:
---------------
line 47:
$module_name = strtolower(isset($_POST['name']) ? $_POST['name'] : $_GET['name']);

lines 49-51:
if (!ereg('^([a-z0-9_\-]+)$', $module_name)) {
cpg_error(sprintf(_ERROR_BAD_CHAR, strtolower(_MODULES)), _SEC_ERROR);
}

line 59:
$module = $db->sql_ufetchrow('SELECT title, custom_title, active, view, blocks, version FROM '.$prefix."_modules WHERE title='$module_name'", SQL_ASSOC, __FILE__, __LINE__);
by: DJMaze
Is there a Postgres setting to overwrite sensitivity because Dragonfly can't work with sensitivity on.
This has to do with several issues caused by mod_rewrite and other directives.
by: Brennor
When you talk about sensitivy issues with mod_rewrite and other directives, what do you mean? I can't (off the top of my head) think of what the problem would be with mod_rewrite. Then again, I haven't put alot of thought into it.

As far as PostgreSQL always returning lowercase values from the tables, that is possible to do. It requires a recompile though. So, I don't think we want to force people to do that. Also, that'd play havoc with things like usernames.

Another way to do this would be to modify the SQL, since a lowercase value is used regardless. I'm saying this because line 47 blindly lowercases every character.

Change line 59 of index.php to:

$module = $db->sql_ufetchrow('SELECT title, custom_title, active, view, blocks, version FROM '.$prefix."_modules WHERE LOWER(title)='$module_name'", SQL_ASSOC, __FILE__, __LINE__);


Changing the WHERE condition so that the lowercased version of the title field is compared against the lowercased version of the module name sucked in through the GET or POST makes ALOT of sense.
by: Brennor
Oh, just a note.

I've restored index.php from the changes I made in the first post and have only made the change from the 3rd post.

Things work great now. :)
by: DJMaze
This bug has been fixed in the CVS.

Snapshots of the sources are packaged every 6 hours; this change
will be in the next snapshot. You can grab the snapshot at the
Downloads section.

Thank you for the report, and for helping us to make CPG-Nuke 9.0.3 -> 9.1 better.
User Info

Welcome Anonymous



(Register)
Community

Support for DragonflyCMS in a other languages:

Deutsch
Español