Uploaded image for project: 'Railo'
  1. Railo
  2. RAILO-2251

cfscript new Query goes into endless loop if sql has two escaped quotes

    Details

      Description

      This line of code causes an endless loop:
      q = new Query(sql:"SELECT 'conan o\'\'brian' name FROM duel ");

      notice the two escaped single quotes.

      It loops in query.cfc line 63-69. specifically line 68 reads:

      if (Mid(Sql,Pos+Len,2) EQ "\" & NextChar) Len+=2;

      The ordinal was already incremented by one in the previous line, so it seems like the increment by 2 is breaking it. If i change that line to:

      if (Mid(Sql,Pos+Len,2) EQ "\" & NextChar) Len+=1;

      It doesn't loop forever. I have not done any other testing to make sure this is the right fix.

      Since that file hasn't changed for 7 months, I assume this bug is in the latest railo as well.

      Thank you for your attention!

        Gliffy Diagrams

          Attachments

          1. Query1.cfc
            5 kB
          2. test.cfm
            1 kB

            Activity

              People

              • Assignee:
                igal-getrailo.org Igal .
                Reporter:
                clitnak Colby Litnak
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: