An example:
drupal.org/tracker?sort=asc&order=foobar

user error: You have an error in your SQL syntax near 'DESC LIMIT 0, 10' at line 1
query: SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_activity FROM node n LEFT JOIN comments c ON n.nid = c.nid LEFT JOIN users u ON n.uid = u.uid WHERE n.status = 1 GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY DESC LIMIT 0, 10 in /var/www/drupal.org/includes/database.mysql.inc on line 90.

Comments

moshe weitzman’s picture

moshe weitzman CreditAttribution: moshe weitzman commented

I'm unsure what bug you are reporting. How do I duplicate this? If you type
in bogus URLs, you are going to get an error message back.

scott_’s picture

scott_ CreditAttribution: scott_ commented

I included an example url that should show the problem.
This happened to me when i copied an url but forgot the last character (an annoying habbit). An error message is ok (just using the default order would be even better), but imho bad SQL queries are not. Intentional or not, websites should never cause errors like this no matter what request has been made. Its ugly and fills up the watchdog table with useless junk.

Since there are two spaces behind the ORDER BY clause, i assume the code is somewhat like "ORDER BY $something DESC. I haven't seen the code, but it doesnt seem too dificult to detect that $something is empty.

Kjartan’s picture

Kjartan CreditAttribution: Kjartan commented
Assigned: Unassigned » Kjartan
Dries’s picture

Dries CreditAttribution: Dries commented
Dries’s picture

Dries CreditAttribution: Dries commented

I just committed Kjartan's fix to the HEAD branch. Marking this report as such.

Automatically closed due to inactivity (marked fixed for 14 days).