CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017. Learn more.

Author Topic: Note api & '  (Read 709 times)

Eileen

Note api & '
March 14, 2011, 01:36:54 am
I hit a core error importing notes where there was an apostrophe in the data I was trying to import (from another DB).

Does responsibility for handling the apostrophes rest with the Civi api or the function calling it?
Make today the day you step up to support CiviCRM and all the amazing organisations that are using it to improve our world - http://civicrm.org/contribute

xavier

Re: Note api & '
March 14, 2011, 03:30:15 am
But works normally if you have a ' in another field (eg. name).

Should work the same for every field, and IMO that's the job of the api to sql escape and do whatever transformation.

(but we always expect and return utf8).
X+
-Hackathon and data journalism about the European parliament 24-26 jan. Watch out the result

Donald Lobo

Re: Note api & '
March 14, 2011, 09:25:20 am

Escaping the ' and writing it to the DB in a valid manner (and preventing SQL injection attacks) should be the responsibility of the function that writes the data to the DB. The higher level functions (including the API) should not do any escaping (else we might escape things multiple times) unless they are doing a write call to the DB (in which case proper use of executeQuery does the escaping for you!)

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions
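
Added example, not part of the thread and not CiviCRM code: the layering described in the post above, shown with PDO and in-memory SQLite standing in for the DB write layer. The table and all function names are hypothetical; the sample note text is constructed.

```php
<?php
// Hypothetical names throughout; PDO/SQLite stands in for the real DB layer.

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE note (id INTEGER PRIMARY KEY, note TEXT)');
    return $db;
}

// Write layer: the only place that deals with SQL quoting, via a bound parameter.
function writeNote(PDO $db, string $text): int {
    $stmt = $db->prepare('INSERT INTO note (note) VALUES (:note)');
    $stmt->execute([':note' => $text]);
    return (int) $db->lastInsertId();
}

function readNote(PDO $db, int $id): string {
    $stmt = $db->prepare('SELECT note FROM note WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Higher-level function that passes the caller's data through untouched.
function apiCreateNote(PDO $db, array $params): int {
    return writeNote($db, $params['note']);
}

// Higher-level function that also escapes: the write layer then stores the
// added backslash as data, so the value ends up escaped twice.
function apiCreateNoteEscaping(PDO $db, array $params): int {
    return writeNote($db, addslashes($params['note']));
}

$db    = makeDb();
$input = "Met O'Brien at the AGM";   // constructed sample value

$stored        = readNote($db, apiCreateNote($db, ['note' => $input]));
$doubleEscaped = readNote($db, apiCreateNoteEscaping($db, ['note' => $input]));

// Round-trip check: only the pass-through path returns the original text.
echo 'pass-through: ', $stored, ' | intact: ', var_export($stored === $input, true), PHP_EOL;
echo 'api-escaped:  ', $doubleEscaped, ' | intact: ', var_export($doubleEscaped === $input, true), PHP_EOL;
```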

Eileen

Re: Note api & '
March 14, 2011, 01:27:00 pm
OK - I added a test for the ' & it seems to be passing so need to dig further into cause of failure

Eileen

Re: Note api & '
March 14, 2011, 01:53:10 pm
OK - mandatory check was allowing empty fields to be mandatory - this fixes it for entity id & my test passes

Index: api/v3/utils.php
===================================================================
--- api/v3/utils.php   (revision 32992)
+++ api/v3/utils.php   (working copy)
@@ -871,7 +871,7 @@
         }
 
         if ( isset( $v['required'] ) ) {
-            if ($v['required'] && !(isset($params[$k]))) {
+            if ($v['required'] && (empty($params[$k]))) {
                 $missing[] = $k;
             }
         }
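Review bot: on the changed line `if ($v['required'] && (empty($params[$k])))`, `empty()` is also true for `0`, `'0'`, `false` and an empty array, so a required field that legitimately carries a zero value would now be added to `$missing`. If the intent is only to reject absent, null or empty-string values, a narrower test such as `!isset($params[$k]) || $params[$k] === ''` states that directly, and the extra parentheses around `empty(...)` can go. A short comment saying which values count as missing would help, since this line changes that definition for every required field, not only entity id.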

Eileen

Re: Note api & '
March 14, 2011, 03:26:46 pm
Ok, fixed error handling for empty mandatory fields r33002.

Wrote some tests but need to get help from Michau on the exception tests as not working...


This forum was archived on 2017-11-26.