12806: RemoteControl API : wrong datatype can send SQL bad request

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

12806	Bug reports	RemoteControl	public	2017-10-18 23:09	2018-01-15 10:41

Reporter	bdrhoa	Assigned To	c_schmitz
Priority	none	Severity	minor
Status	closed	Resolution	fixed
Product Version	2.7x.x
Fixed in Version	2.7x.x

Summary	12806: RemoteControl API : wrong datatype can send SQL bad request
Description	Python Code: `def activate_survey(self, surveyToActivate): request = self._request('activate_survey', [self.key,surveyToActivate ]) return self._post(request)` Error: ERROR:root:LSRC2 error: CDbCommand failed to execute the SQL statement: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') LIMIT 1' at line 1
Steps To Reproduce	Execute this code with an existing survey ID: `def activate_survey(self, surveyToActivate): request = self._request('activate_survey', [self.key,surveyToActivate ]) return self._post(request)`
Additional Information	Testing against limequery.com.
Tags	No tags attached.

Bug heat	6
Complete LimeSurvey version number (& build)	Version 2.72.1
I will donate to the project if issue is resolved	Yes
Browser
Database type & version	limequery.com
Server OS (if known)	limequery.com
Webserver software & version (if known)	limequery.com
PHP Version	limequery.com

User List	There are no users monitoring this issue.

bdrhoa 2017-10-19 01:31 reporter ~44723	It turns out I was passing the wrong datatype to the activate_survey(). So this can be closed or better changed to minor. The api would better if the inputs where validated instead of allowing SQL errors to be generated.

DenisChenu 2017-10-19 11:01 developer ~44729	I update to «RemoteControl API : wrong datatype can send SQL bad request» But : this mean we send request without controlling value 8-O

c_schmitz 2017-10-19 18:05 administrator ~44755	Fix committed to develop branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=24196

c_schmitz 2017-10-19 18:18 administrator ~44756	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=24197

c_schmitz 2018-01-15 10:41 administrator ~45783	Version 3.0.3 released.

LimeSurvey: develop 6c61279d 2017-10-19 20:05 c_schmitz Details Diff	Fixed issue 12806: RemoteControl: wrong datatype shows SQL error	Affected Issues 12806
	mod - application/helpers/remotecontrol/remotecontrol_handle.php	Diff File
LimeSurvey: master 26988bbc 2017-10-19 20:18 c_schmitz Details Diff	Fixed issue 12806: RemoteControl: wrong datatype shows SQL error	Affected Issues 12806
	mod - application/helpers/remotecontrol/remotecontrol_handle.php	Diff File

Date Modified	Username	Field	Change
2017-10-18 23:09	bdrhoa	New Issue
2017-10-19 01:31	bdrhoa	Note Added: 44723
2017-10-19 11:00	DenisChenu	Severity	crash => minor
2017-10-19 11:00	DenisChenu	Summary	SQL Error Generated By activate_survey => RemoteControl API : wrong datatype can send SQL bad request
2017-10-19 11:01	DenisChenu	Note Added: 44729
2017-10-19 18:05	c_schmitz	Assigned To	=> c_schmitz
2017-10-19 18:05	c_schmitz	Status	new => assigned
2017-10-19 18:05	c_schmitz	Changeset attached	=> LimeSurvey develop 6c61279d
2017-10-19 18:05	c_schmitz	Note Added: 44755
2017-10-19 18:05	c_schmitz	Resolution	open => fixed
2017-10-19 18:06	c_schmitz	Status	assigned => resolved
2017-10-19 18:06	c_schmitz	Fixed in Version	=> 2.7x.x
2017-10-19 18:18	c_schmitz	Changeset attached	=> LimeSurvey master 26988bbc
2017-10-19 18:18	c_schmitz	Note Added: 44756
2018-01-15 10:41	c_schmitz	Note Added: 45783
2018-01-15 10:41	c_schmitz	Status	resolved => closed