Neighbour products do not show if product name ends in double quote VM2.0.26d

Started by optmax, January 15, 2014, 16:57:09 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

optmax

January 15, 2014, 16:57:09 PM Last Edit: January 16, 2014, 17:05:29 PM by optmax
VM 2.0.26d (clean install with demo data)
J! 2.5.17

On my production site I have many products with names ending in " (double quote, the abbreviation for inch).
I have 'Show product navigation?' turned on.

EDIT: Problem occurs if there is double quote anywhere within the product name
EDIT 2: Problem introduced in product model in VM2.0.25 when function getNeighborProducts was redesigned. I think special characters in the query need to be escaped and I have a work round in http://forum.virtuemart.net/index.php?topic=121530.msg414827#msg414827

Suppose I have Product A, Product B" and Product C as neighbours in that order

On Product B"  the neighbor product links do not show.  On the neighbour prducts (Product A and Product C) the links to Product B"are shown correctly.


The attached screenshots show the problem on a demo site http://vm226d.cloudaccess.net/shop/gardentools.html where I have renamed one of the demo products from Shovel to Shovel 12"

The neigbour products in  Garden Tools category are Plastic Ladder, Shovel 12", Smaller Shovel

Screenshot01 shows the five prodcts in Garden Tools category with the renamed Shovel 12"
Screenshot02 shows the correct product navigation on the Plastic Ladder details page
Screenshot03 shows the missing navigation on the Shovel 12" details page
Screenshot04 shows the correct product navigation on the Smaller Shovel details page

[attachment cleanup by admin]

optmax

#1
January 16, 2014, 02:44:54 AM

I have a workaround:
If a single quote ' is used at the end of a product name there is no problem in the neighbour product links - so I can use two single quotes '' instead of a double quote "

optmax

#2
January 16, 2014, 17:03:13 PM Last Edit: January 17, 2014, 11:05:58 AM by optmax
I have a solution...

Administrator | Components | com_virtuemart | Models | product.php

I think special characters in the query need to be escaped.

I am not sure of the best place within the code to do this but the following seems to work.

In  function getNeighborProducts at line 1487
Change
Code Select
$qm = ' AND '.$orderByName.' '.$op.' "'.$orderByValue.'" ORDER BY '.$orderByName.' '.$direction.' LIMIT 1';
to
Code Select
$qm = ' AND '.$orderByName.' '.$op.' "'.addslashes($orderByValue).'" ORDER BY '.$orderByName.' '.$direction.' LIMIT 1';

I am not sure if other fields within the query should also be treated this way - perhaps Milbo could confirm?

EDIT: Should getEscaped be used rather than addslashes?
Code Select
$qm = ' AND '.$orderByName.' '.$op.' "'. $db->getEscaped($orderByValue).'" ORDER BY '.$orderByName.' '.$direction.' LIMIT 1';

milosm

#3
March 28, 2015, 09:31:17 AM
The problem still persists in VM3. Dev team, could you please make this quick fix to avoid hacking of core files?

Milbo

#4
March 30, 2015, 02:08:07 AM
ehrm, it works for me. Maybe the difference is that I use the superadmin to store it. Please check your ACL, in special of the first vm tab.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/
Print
Go Up Pages1
User actions