#10890 closed defect (fixed)
OperationalError: near "13": syntax error
Reported by: | Douglas Marquardt | Owned by: | falkb |
---|---|---|---|
Priority: | normal | Component: | SimpleMultiProjectPlugin |
Severity: | normal | Keywords: | |
Cc: | Trac Release: |
Description
After installing this plugin, I got the attached error when I click at Roadmaps.
Attachments (1)
Change History (24)
comment:1 follow-up: 3 Changed 12 years ago by
comment:3 follow-up: 5 Changed 12 years ago by
Replying to douglasmarquardt@gmail.com:
I can't add any comment here. http://trac-hacks.org/ is giving me an error.
What is the error? Was it rejecting the content as spam? That is a known problem that we can't do much about atm, but it might help if you register for an account.
comment:4 follow-up: 6 Changed 12 years ago by
Your file reports a syntax error which is quite strange. I also have Trac 1.0 with SQLite and it works pretty well. What does that "13" mean in your error message OperationalError: near "13": syntax error
? Have you accidentally edited the file and inserted 13?
comment:5 follow-up: 7 Changed 12 years ago by
Replying to rjollos:
Replying to douglasmarquardt@gmail.com:
I can't add any comment here. http://trac-hacks.org/ is giving me an error.
What is the error? Was it rejecting the content as spam? That is a known problem that we can't do much about atm, but it might help if you register for an account.
I could add comments and attachments after that. I'm sorry, but I didn't save the error I got. The http://trac-hacks.org is working now.
comment:6 Changed 12 years ago by
Replying to falkb:
Your file reports a syntax error which is quite strange. I also have Trac 1.0 with SQLite and it works pretty well. What does that "13" mean in your error message
OperationalError: near "13": syntax error
? Have you accidentally edited the file and inserted 13?
No, I didn't edited any file. I don't use to customize any Trac and/or plugin code. I don't know what that mean either. One detail is that if disable the "SmpRoadmapProject — Groups milestones by 'Project'" checkbox at the plugins' admin page, I can load the Roadmap page successfully. However, the unchecked feature is not being presented of course.
comment:7 Changed 12 years ago by
Replying to douglasmarquardt@gmail.com:
I could add comments and attachments after that. I'm sorry, but I didn't save the error I got.
It was probably the common "database is locked error" then. That's another that doesn't have a quick fix, but usually the problem will go away after a short wait.
comment:8 Changed 12 years ago by
Can you open trac.db with Sqlitedatabasebrowser and tell me if table smp_milestone_project exists? What is the sources of your "build/bdist.linux-i686/egg/trac/db/sqlite_backend.py", line 48? A click on the callstack should tell you.
comment:9 Changed 12 years ago by
The table exists. I used the Linux sqlite3 program to open the database and check the smp_milestone_project existence. It's there.
sdadm:/trac_root/db# sqlite3 trac.db SQLite version 3.5.9 Enter ".help" for instructions sqlite> .schema smp_milestone_project CREATE TABLE smp_milestone_project ( id integer PRIMARY KEY, milestone varchar(255), id_project integer );
Please find below what it has at the line 48
43 sqlite_version_string = sqlite.sqlite_version 44 45 class PyFormatCursor(sqlite.Cursor): 46 def _rollback_on_error(self, function, *args, **kwargs): 47 try: 48 return function(self, *args, **kwargs) 49 except sqlite.DatabaseError: 50 self.cnx.rollback() 51 raise 52 def execute(self, sql, args=None): 53 if args:
comment:10 Changed 12 years ago by
no idea anymore :( Is milestone that goes into function get_project_milestone() maybe None here? Can you check this?
comment:11 follow-up: 18 Changed 12 years ago by
or is 13 probably the name of the milestone or of the project?
comment:12 Changed 12 years ago by
It seems that the plugin has SQL injection. When the milestone name is Project'13
, that issue probably will happen. We must not use string-formatting. See t:wiki:TracDev/DatabaseApi#Parameterpassing.
The example is the following. The other methods in model.py
have still the same issue.
-
simplemultiproject/model.py
208 208 smp_project AS p, 209 209 smp_milestone_project AS m 210 210 WHERE 211 m.milestone= '%s'and212 m.id_project = p.id_project""" % (milestone)211 m.milestone=%s and 212 m.id_project = p.id_project""" 213 213 214 cursor.execute(query )214 cursor.execute(query, [milestone]) 215 215 return cursor.fetchone() 216 216 217 217 def get_id_project_milestone(self,milestone):
comment:14 Changed 12 years ago by
again I've learnt a lot, thanks for the review! I'm gonna patch it on Monday... stay tuned
comment:15 Changed 12 years ago by
Owner: | changed from Christopher Paredes to falkb |
---|---|
Status: | new → assigned |
comment:16 Changed 12 years ago by
comment:17 follow-up: 19 Changed 12 years ago by
comment:18 Changed 12 years ago by
Replying to falkb:
or is 13 probably the name of the milestone or of the project?
Yes, there are milestones with the current year out there, like "SD/DECS June'13 Release IT1"
comment:19 Changed 12 years ago by
comment:20 Changed 12 years ago by
You just have to download the latest version, or update from SVN. I've committed the patch already.
comment:21 Changed 12 years ago by
I downloaded the latest version and updated my Trac instance. All is working fine now. Thank you very much for all the help.
comment:22 Changed 12 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
You're welcome. It's another piece in the puzzle of stability. Kudos to jun66j5.
I can't add any comment here. http://trac-hacks.org/ is giving me an error.