search

magefan / module-blog

Magento 2 Blog Extension is a solution that helps you to create a blog on Magento and manage posts,categories, tags, authors, and comments.
https://magefan.com/magento2-blog-extension
Other
265 stars 136 forks source link

SQL Injection #228

Closed aario closed 5 years ago

aario commented 5 years ago

Try navigating to: http://127.0.0.1/index.php/blog/search/%22 (Putting a " as the only search term, the resulting sql query has AGAINST (""" with three " and the second one is the one from search term (You can imagine other tricks as well), and so you get:

2 exception(s):
Exception #0 (Zend_Db_Statement_Exception): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"""), 4)) AS `search_rate` FROM `magefan_blog_post` AS `main_table`
 INNER JOIN ' at line 1, query was: SELECT `main_table`.*, (0               + FORMAT(MATCH (title, meta_keywords, meta_description, identifier, content) AGAINST ("""), 4)) AS `search_rate` FROM `magefan_blog_post` AS `main_table`
 INNER JOIN `magefan_blog_post_store` AS `store_table` ON main_table.post_id = store_table.post_id WHERE (`is_active` = '1') AND (`publish_time` <= '2019-02-27 14:54:43') AND ((`title` LIKE '%\"%') OR (`short_content` LIKE '%\"%') OR (`content` LIKE '%\"%')) AND (store_table.store_id IN('1', 0)) GROUP BY `main_table`.`post_id` ORDER BY search_rate DESC, publish_time DESC
 LIMIT 10
Exception #1 (PDOException): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"""), 4)) AS `search_rate` FROM `magefan_blog_post` AS `main_table`
 INNER JOIN ' at line 1

Exception #0 (Zend_Db_Statement_Exception): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"""), 4)) AS `search_rate` FROM `magefan_blog_post` AS `main_table`
 INNER JOIN ' at line 1, query was: SELECT `main_table`.*, (0               + FORMAT(MATCH (title, meta_keywords, meta_description, identifier, content) AGAINST ("""), 4)) AS `search_rate` FROM `magefan_blog_post` AS `main_table`
 INNER JOIN `magefan_blog_post_store` AS `store_table` ON main_table.post_id = store_table.post_id WHERE (`is_active` = '1') AND (`publish_time` <= '2019-02-27 14:54:43') AND ((`title` LIKE '%\"%') OR (`short_content` LIKE '%\"%') OR (`content` LIKE '%\"%')) AND (store_table.store_id IN('1', 0)) GROUP BY `main_table`.`post_id` ORDER BY search_rate DESC, publish_time DESC
 LIMIT 10
#0 /var/www/html/lib/internal/Magento/Framework/DB/Statement/Pdo/Mysql.php(93): Zend_Db_Statement_Pdo->_execute(Array)
#1 /var/www/html/vendor/magento/zendframework1/library/Zend/Db/Statement.php(303): Magento\Framework\DB\Statement\Pdo\Mysql->_execute(Array)
#2 /var/www/html/vendor/magento/zendframework1/library/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array)
#3 /var/www/html/vendor/magento/zendframework1/library/Zend/Db/Adapter/Pdo/Abstract.php(238): Zend_Db_Adapter_Abstract->query('SELECT `main_ta...', Array)
#4 /var/www/html/lib/internal/Magento/Framework/DB/Adapter/Pdo/Mysql.php(541): Zend_Db_Adapter_Pdo_Abstract->query('SELECT `main_ta...', Array)
#5 /var/www/html/lib/internal/Magento/Framework/DB/Adapter/Pdo/Mysql.php(615): Magento\Framework\DB\Adapter\Pdo\Mysql->_query('SELECT `main_ta...', Array)
#6 /var/www/html/vendor/magento/zendframework1/library/Zend/Db/Adapter/Abstract.php(737): Magento\Framework\DB\Adapter\Pdo\Mysql->query(Object(Magento\Framework\DB\Select), Array)
#7 /var/www/html/lib/internal/Magento/Framework/Data/Collection/Db/FetchStrategy/Query.php(21): Zend_Db_Adapter_Abstract->fetchAll(Object(Magento\Framework\DB\Select), Array)
#8 /var/www/html/lib/internal/Magento/Framework/Data/Collection/AbstractDb.php(778): Magento\Framework\Data\Collection\Db\FetchStrategy\Query->fetchAll(Object(Magento\Framework\DB\Select), Array)
#9 /var/www/html/lib/internal/Magento/Framework/Data/Collection/AbstractDb.php(674): Magento\Framework\Data\Collection\AbstractDb->_fetchAll(Object(Magento\Framework\DB\Select))
#10 /var/www/html/lib/internal/Magento/Framework/Data/Collection/AbstractDb.php(577): Magento\Framework\Data\Collection\AbstractDb->getData()
#11 /var/www/html/lib/internal/Magento/Framework/Data/Collection/AbstractDb.php(562): Magento\Framework\Data\Collection\AbstractDb->loadWithFilter(false, false)
#12 /var/www/html/lib/internal/Magento/Framework/Data/Collection.php(843): Magento\Framework\Data\Collection\AbstractDb->load()
#13 /var/www/html/vendor/magefan/module-blog/view/frontend/templates/post/list.phtml(19): Magento\Framework\Data\Collection->count()
#14 /var/www/html/lib/internal/Magento/Framework/View/TemplateEngine/Php.php(59): include('/var/www/html/v...')
#15 /var/www/html/lib/internal/Magento/Framework/View/Element/Template.php(271): Magento\Framework\View\TemplateEngine\Php->render(Object(Magefan\Blog\Block\Search\PostList), '/var/www/html/v...', Array)
#16 /var/www/html/lib/internal/Magento/Framework/View/Element/Template.php(301): Magento\Framework\View\Element\Template->fetchView('/var/www/html/v...')
#17 /var/www/html/vendor/magefan/module-blog/Block/Post/PostList/AbstractList.php(154): Magento\Framework\View\Element\Template->_toHtml()
#18 /var/www/html/lib/internal/Magento/Framework/View/Element/AbstractBlock.php(668): Magefan\Blog\Block\Post\PostList\AbstractList->_toHtml()
#19 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(557): Magento\Framework\View\Element\AbstractBlock->toHtml()
#20 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(533): Magento\Framework\View\Layout->_renderBlock('blog.posts.list')
#21 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('blog.posts.list')
#22 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(585): Magento\Framework\View\Layout->renderElement('blog.posts.list', false)
#23 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(535): Magento\Framework\View\Layout->_renderContainer('content', false)
#24 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('content')
#25 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(585): Magento\Framework\View\Layout->renderElement('content', false)
#26 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(535): Magento\Framework\View\Layout->_renderContainer('main', false)
#27 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('main')
#28 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(585): Magento\Framework\View\Layout->renderElement('main', false)
#29 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(535): Magento\Framework\View\Layout->_renderContainer('columns', false)
#30 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('columns')
#31 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(585): Magento\Framework\View\Layout->renderElement('columns', false)
#32 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(535): Magento\Framework\View\Layout->_renderContainer('main.content', false)
#33 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('main.content')
#34 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(585): Magento\Framework\View\Layout->renderElement('main.content', false)
#35 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(535): Magento\Framework\View\Layout->_renderContainer('page.wrapper', false)
#36 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('page.wrapper')
#37 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(585): Magento\Framework\View\Layout->renderElement('page.wrapper', false)
#38 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(535): Magento\Framework\View\Layout->_renderContainer('root', false)
#39 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('root')
#40 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(954): Magento\Framework\View\Layout->renderElement('root')
#41 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(58): Magento\Framework\View\Layout->getOutput()
#42 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(138): Magento\Framework\View\Layout\Interceptor->___callParent('getOutput', Array)
#43 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(153): Magento\Framework\View\Layout\Interceptor->Magento\Framework\Interception\{closure}()
#44 /var/www/html/generated/code/Magento/Framework/View/Layout/Interceptor.php(39): Magento\Framework\View\Layout\Interceptor->___callPlugins('getOutput', Array, Array)
#45 /var/www/html/lib/internal/Magento/Framework/View/Result/Page.php(258): Magento\Framework\View\Layout\Interceptor->getOutput()
#46 /var/www/html/lib/internal/Magento/Framework/View/Result/Layout.php(171): Magento\Framework\View\Result\Page->render(Object(Magento\Framework\App\Response\Http\Interceptor))
#47 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(58): Magento\Framework\View\Result\Layout->renderResult(Object(Magento\Framework\App\Response\Http\Interceptor))
#48 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(138): Magento\Framework\View\Result\Page\Interceptor->___callParent('renderResult', Array)
#49 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(153): Magento\Framework\View\Result\Page\Interceptor->Magento\Framework\Interception\{closure}(Object(Magento\Framework\App\Response\Http\Interceptor))
#50 /var/www/html/generated/code/Magento/Framework/View/Result/Page/Interceptor.php(26): Magento\Framework\View\Result\Page\Interceptor->___callPlugins('renderResult', Array, Array)
#51 /var/www/html/lib/internal/Magento/Framework/App/View.php(221): Magento\Framework\View\Result\Page\Interceptor->renderResult(Object(Magento\Framework\App\Response\Http\Interceptor))
#52 /var/www/html/vendor/magefan/module-blog/Controller/Search/Index.php(27): Magento\Framework\App\View->renderLayout()
#53 /var/www/html/lib/internal/Magento/Framework/App/Action/Action.php(108): Magefan\Blog\Controller\Search\Index->execute()
#54 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(58): Magento\Framework\App\Action\Action->dispatch(Object(Magento\Framework\App\Request\Http))
#55 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(138): Magefan\Blog\Controller\Search\Index\Interceptor->___callParent('dispatch', Array)
#56 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(153): Magefan\Blog\Controller\Search\Index\Interceptor->Magento\Framework\Interception\{closure}(Object(Magento\Framework\App\Request\Http))
#57 /var/www/html/generated/code/Magefan/Blog/Controller/Search/Index/Interceptor.php(26): Magefan\Blog\Controller\Search\Index\Interceptor->___callPlugins('dispatch', Array, Array)
#58 /var/www/html/lib/internal/Magento/Framework/App/FrontController.php(159): Magefan\Blog\Controller\Search\Index\Interceptor->dispatch(Object(Magento\Framework\App\Request\Http))
#59 /var/www/html/lib/internal/Magento/Framework/App/FrontController.php(99): Magento\Framework\App\FrontController->processRequest(Object(Magento\Framework\App\Request\Http), Object(Magefan\Blog\Controller\Search\Index\Interceptor))
#60 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(58): Magento\Framework\App\FrontController->dispatch(Object(Magento\Framework\App\Request\Http))
#61 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(138): Magento\Framework\App\FrontController\Interceptor->___callParent('dispatch', Array)
#62 /var/www/html/app/code/Magento/Store/App/FrontController/Plugin/RequestPreprocessor.php(94): Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure}(Object(Magento\Framework\App\Request\Http))
#63 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(135): Magento\Store\App\FrontController\Plugin\RequestPreprocessor->aroundDispatch(Object(Magento\Framework\App\FrontController\Interceptor), Object(Closure), Object(Magento\Framework\App\Request\Http))
#64 /var/www/html/app/code/Magento/PageCache/Model/App/FrontController/BuiltinPlugin.php(73): Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure}(Object(Magento\Framework\App\Request\Http))
#65 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(135): Magento\PageCache\Model\App\FrontController\BuiltinPlugin->aroundDispatch(Object(Magento\Framework\App\FrontController\Interceptor), Object(Closure), Object(Magento\Framework\App\Request\Http))
#66 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(153): Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure}(Object(Magento\Framework\App\Request\Http))
#67 /var/www/html/generated/code/Magento/Framework/App/FrontController/Interceptor.php(26): Magento\Framework\App\FrontController\Interceptor->___callPlugins('dispatch', Array, NULL)
#68 /var/www/html/lib/internal/Magento/Framework/App/Http.php(135): Magento\Framework\App\FrontController\Interceptor->dispatch(Object(Magento\Framework\App\Request\Http))
#69 /var/www/html/lib/internal/Magento/Framework/App/Bootstrap.php(258): Magento\Framework\App\Http->launch()
#70 /var/www/html/pub/index.php(37): Magento\Framework\App\Bootstrap->run(Object(Magento\Framework\App\Http\Interceptor))
#71 {main}

Exception #1 (PDOException): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"""), 4)) AS `search_rate` FROM `magefan_blog_post` AS `main_table`
 INNER JOIN ' at line 1
#0 /var/www/html/vendor/magento/zendframework1/library/Zend/Db/Statement/Pdo.php(228): PDOStatement->execute(Array)
#1 /var/www/html/lib/internal/Magento/Framework/DB/Statement/Pdo/Mysql.php(93): Zend_Db_Statement_Pdo->_execute(Array)
#2 /var/www/html/vendor/magento/zendframework1/library/Zend/Db/Statement.php(303): Magento\Framework\DB\Statement\Pdo\Mysql->_execute(Array)
#3 /var/www/html/vendor/magento/zendframework1/library/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array)
#4 /var/www/html/vendor/magento/zendframework1/library/Zend/Db/Adapter/Pdo/Abstract.php(238): Zend_Db_Adapter_Abstract->query('SELECT `main_ta...', Array)
#5 /var/www/html/lib/internal/Magento/Framework/DB/Adapter/Pdo/Mysql.php(541): Zend_Db_Adapter_Pdo_Abstract->query('SELECT `main_ta...', Array)
#6 /var/www/html/lib/internal/Magento/Framework/DB/Adapter/Pdo/Mysql.php(615): Magento\Framework\DB\Adapter\Pdo\Mysql->_query('SELECT `main_ta...', Array)
#7 /var/www/html/vendor/magento/zendframework1/library/Zend/Db/Adapter/Abstract.php(737): Magento\Framework\DB\Adapter\Pdo\Mysql->query(Object(Magento\Framework\DB\Select), Array)
#8 /var/www/html/lib/internal/Magento/Framework/Data/Collection/Db/FetchStrategy/Query.php(21): Zend_Db_Adapter_Abstract->fetchAll(Object(Magento\Framework\DB\Select), Array)
#9 /var/www/html/lib/internal/Magento/Framework/Data/Collection/AbstractDb.php(778): Magento\Framework\Data\Collection\Db\FetchStrategy\Query->fetchAll(Object(Magento\Framework\DB\Select), Array)
#10 /var/www/html/lib/internal/Magento/Framework/Data/Collection/AbstractDb.php(674): Magento\Framework\Data\Collection\AbstractDb->_fetchAll(Object(Magento\Framework\DB\Select))
#11 /var/www/html/lib/internal/Magento/Framework/Data/Collection/AbstractDb.php(577): Magento\Framework\Data\Collection\AbstractDb->getData()
#12 /var/www/html/lib/internal/Magento/Framework/Data/Collection/AbstractDb.php(562): Magento\Framework\Data\Collection\AbstractDb->loadWithFilter(false, false)
#13 /var/www/html/lib/internal/Magento/Framework/Data/Collection.php(843): Magento\Framework\Data\Collection\AbstractDb->load()
#14 /var/www/html/vendor/magefan/module-blog/view/frontend/templates/post/list.phtml(19): Magento\Framework\Data\Collection->count()
#15 /var/www/html/lib/internal/Magento/Framework/View/TemplateEngine/Php.php(59): include('/var/www/html/v...')
#16 /var/www/html/lib/internal/Magento/Framework/View/Element/Template.php(271): Magento\Framework\View\TemplateEngine\Php->render(Object(Magefan\Blog\Block\Search\PostList), '/var/www/html/v...', Array)
#17 /var/www/html/lib/internal/Magento/Framework/View/Element/Template.php(301): Magento\Framework\View\Element\Template->fetchView('/var/www/html/v...')
#18 /var/www/html/vendor/magefan/module-blog/Block/Post/PostList/AbstractList.php(154): Magento\Framework\View\Element\Template->_toHtml()
#19 /var/www/html/lib/internal/Magento/Framework/View/Element/AbstractBlock.php(668): Magefan\Blog\Block\Post\PostList\AbstractList->_toHtml()
#20 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(557): Magento\Framework\View\Element\AbstractBlock->toHtml()
#21 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(533): Magento\Framework\View\Layout->_renderBlock('blog.posts.list')
#22 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('blog.posts.list')
#23 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(585): Magento\Framework\View\Layout->renderElement('blog.posts.list', false)
#24 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(535): Magento\Framework\View\Layout->_renderContainer('content', false)
#25 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('content')
#26 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(585): Magento\Framework\View\Layout->renderElement('content', false)
#27 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(535): Magento\Framework\View\Layout->_renderContainer('main', false)
#28 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('main')
#29 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(585): Magento\Framework\View\Layout->renderElement('main', false)
#30 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(535): Magento\Framework\View\Layout->_renderContainer('columns', false)
#31 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('columns')
#32 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(585): Magento\Framework\View\Layout->renderElement('columns', false)
#33 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(535): Magento\Framework\View\Layout->_renderContainer('main.content', false)
#34 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('main.content')
#35 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(585): Magento\Framework\View\Layout->renderElement('main.content', false)
#36 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(535): Magento\Framework\View\Layout->_renderContainer('page.wrapper', false)
#37 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('page.wrapper')
#38 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(585): Magento\Framework\View\Layout->renderElement('page.wrapper', false)
#39 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(535): Magento\Framework\View\Layout->_renderContainer('root', false)
#40 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(488): Magento\Framework\View\Layout->renderNonCachedElement('root')
#41 /var/www/html/lib/internal/Magento/Framework/View/Layout.php(954): Magento\Framework\View\Layout->renderElement('root')
#42 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(58): Magento\Framework\View\Layout->getOutput()
#43 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(138): Magento\Framework\View\Layout\Interceptor->___callParent('getOutput', Array)
#44 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(153): Magento\Framework\View\Layout\Interceptor->Magento\Framework\Interception\{closure}()
#45 /var/www/html/generated/code/Magento/Framework/View/Layout/Interceptor.php(39): Magento\Framework\View\Layout\Interceptor->___callPlugins('getOutput', Array, Array)
#46 /var/www/html/lib/internal/Magento/Framework/View/Result/Page.php(258): Magento\Framework\View\Layout\Interceptor->getOutput()
#47 /var/www/html/lib/internal/Magento/Framework/View/Result/Layout.php(171): Magento\Framework\View\Result\Page->render(Object(Magento\Framework\App\Response\Http\Interceptor))
#48 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(58): Magento\Framework\View\Result\Layout->renderResult(Object(Magento\Framework\App\Response\Http\Interceptor))
#49 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(138): Magento\Framework\View\Result\Page\Interceptor->___callParent('renderResult', Array)
#50 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(153): Magento\Framework\View\Result\Page\Interceptor->Magento\Framework\Interception\{closure}(Object(Magento\Framework\App\Response\Http\Interceptor))
#51 /var/www/html/generated/code/Magento/Framework/View/Result/Page/Interceptor.php(26): Magento\Framework\View\Result\Page\Interceptor->___callPlugins('renderResult', Array, Array)
#52 /var/www/html/lib/internal/Magento/Framework/App/View.php(221): Magento\Framework\View\Result\Page\Interceptor->renderResult(Object(Magento\Framework\App\Response\Http\Interceptor))
#53 /var/www/html/vendor/magefan/module-blog/Controller/Search/Index.php(27): Magento\Framework\App\View->renderLayout()
#54 /var/www/html/lib/internal/Magento/Framework/App/Action/Action.php(108): Magefan\Blog\Controller\Search\Index->execute()
#55 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(58): Magento\Framework\App\Action\Action->dispatch(Object(Magento\Framework\App\Request\Http))
#56 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(138): Magefan\Blog\Controller\Search\Index\Interceptor->___callParent('dispatch', Array)
#57 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(153): Magefan\Blog\Controller\Search\Index\Interceptor->Magento\Framework\Interception\{closure}(Object(Magento\Framework\App\Request\Http))
#58 /var/www/html/generated/code/Magefan/Blog/Controller/Search/Index/Interceptor.php(26): Magefan\Blog\Controller\Search\Index\Interceptor->___callPlugins('dispatch', Array, Array)
#59 /var/www/html/lib/internal/Magento/Framework/App/FrontController.php(159): Magefan\Blog\Controller\Search\Index\Interceptor->dispatch(Object(Magento\Framework\App\Request\Http))
#60 /var/www/html/lib/internal/Magento/Framework/App/FrontController.php(99): Magento\Framework\App\FrontController->processRequest(Object(Magento\Framework\App\Request\Http), Object(Magefan\Blog\Controller\Search\Index\Interceptor))
#61 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(58): Magento\Framework\App\FrontController->dispatch(Object(Magento\Framework\App\Request\Http))
#62 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(138): Magento\Framework\App\FrontController\Interceptor->___callParent('dispatch', Array)
#63 /var/www/html/app/code/Magento/Store/App/FrontController/Plugin/RequestPreprocessor.php(94): Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure}(Object(Magento\Framework\App\Request\Http))
#64 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(135): Magento\Store\App\FrontController\Plugin\RequestPreprocessor->aroundDispatch(Object(Magento\Framework\App\FrontController\Interceptor), Object(Closure), Object(Magento\Framework\App\Request\Http))
#65 /var/www/html/app/code/Magento/PageCache/Model/App/FrontController/BuiltinPlugin.php(73): Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure}(Object(Magento\Framework\App\Request\Http))
#66 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(135): Magento\PageCache\Model\App\FrontController\BuiltinPlugin->aroundDispatch(Object(Magento\Framework\App\FrontController\Interceptor), Object(Closure), Object(Magento\Framework\App\Request\Http))
#67 /var/www/html/lib/internal/Magento/Framework/Interception/Interceptor.php(153): Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure}(Object(Magento\Framework\App\Request\Http))
#68 /var/www/html/generated/code/Magento/Framework/App/FrontController/Interceptor.php(26): Magento\Framework\App\FrontController\Interceptor->___callPlugins('dispatch', Array, NULL)
#69 /var/www/html/lib/internal/Magento/Framework/App/Http.php(135): Magento\Framework\App\FrontController\Interceptor->dispatch(Object(Magento\Framework\App\Request\Http))
#70 /var/www/html/lib/internal/Magento/Framework/App/Bootstrap.php(258): Magento\Framework\App\Http->launch()
#71 /var/www/html/pub/index.php(37): Magento\Framework\App\Bootstrap->run(Object(Magento\Framework\App\Http\Interceptor))
#72 {main}

This is because the search term is directly concatenated into SQL query in Model/ResourceModel/Post/Collection.php::addSearchFilter:

        $this->addExpressionFieldToSelect(
            'search_rate',
            '(0
              + FORMAT(MATCH (title, meta_keywords, meta_description, identifier, content) AGAINST ("{{term}}"), 4))',
            [
                'term' => $term,
            ]
        );

Magento also directly concatenates $term into rest of the query and the resulting exception happens.

magefan commented 5 years ago

@aario , thank you for youre port. Can you please let us know

  1. What magento 2 version you have
  2. What blog extension version you use?
aario commented 5 years ago

Magento 2 CE 2.3.0 MageFan Module-Blog 2.8.7.1

229 can fix this.

magefan commented 5 years ago

Thank you for your contribution. We will release a new version ASAP (think tomorrow).

magefan commented 5 years ago

v2.8.8 with this fix is already available via the composer https://packagist.org/packages/magefan/module-blog

Magento 2 Blog Extension on our website will be updated soon.