Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-21776

Simple FieldValue Criterion handler does not escape value when used with CONTAINS operator

    XMLWordPrintable

Details

    Description

      When string value is given in a Criterion on a field handled by Simple value handler and using CONTAINS operator, invalid query is created resulting in PDO error.

      Solution: value needs to be bound (bindValue()).

      Attachments

        Activity

          People

            Unassigned Unassigned
            petar.spanja-obsolete@ez.no Petar Spanja (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 30 minutes
                30m