Hello,
We recently upgraded our OJS to the latest 2.4.6.0 and noticed that there is SQL code beeing exposed!
Does anybody else experience such problem when you go to this URL http://your.ojs.site/index.php/jcaa/search/authors ?
I did check all my PHP setttings and there should be no error displayed, per Apache’s settings…
Thanks for your feedback!
***Input array does not match ?: SELECT DISTINCT***
***CAST('' AS CHAR) AS url,***
***0 AS author_id,***
***0 AS submission_id,***
***CAST('' AS CHAR) AS email,***
***0 AS primary_contact,***
***0 AS seq,***
***aa.first_name,***
***aa.middle_name,***
***aa.last_name,***
*CASE WHEN asl.setting_value = '' THEN NULL ELSE*
***SUBSTRING(asl.setting_value FROM 1 FOR 255) END AS affiliation_l,***
***asl.locale,***
*CASE WHEN aspl.setting_value = '' THEN NULL ELSE*
***SUBSTRING(aspl.setting_value FROM 1 FOR 255) END AS affiliation_pl,***
***aspl.locale AS primary_locale,***
***CASE WHEN aa.country = '' THEN NULL ELSE aa.country END AS country***
***FROM authors aa***
***LEFT JOIN author_settings aspl ON (aa.author_id = aspl.author_id AND***
***aspl.setting_name = 'affiliation' AND aspl.locale = 'en_US')***
*LEFT JOIN author_settings asl ON (aa.author_id = asl.author_id AND*
***asl.setting_name = 'affiliation' AND asl.locale = 'en_US')***
*JOIN articles a ON (a.article_id = aa.submission_id AND a.status =*
***3)***
***JOIN published_articles pa ON (pa.article_id = a.article_id)***
***JOIN issues i ON (pa.issue_id = i.issue_id AND i.published = 1)***
*WHERE a.journal_id = '1' AND*
***(aa.last_name IS NOT NULL AND aa.last_name <> '')***
***02***
***Input array does not match ?: SELECT DISTINCT***
***CAST('' AS CHAR) AS url,***
***0 AS author_id,***
***0 AS submission_id,***
***CAST('' AS CHAR) AS email,***
***0 AS primary_contact,***
***0 AS seq,***
***aa.first_name,***
***aa.middle_name,***
***aa.last_name,***
*CASE WHEN asl.setting_value = '' THEN NULL ELSE*
***SUBSTRING(asl.setting_value FROM 1 FOR 255) END AS affiliation_l,***
***asl.locale,***
*CASE WHEN aspl.setting_value = '' THEN NULL ELSE*
***SUBSTRING(aspl.setting_value FROM 1 FOR 255) END AS affiliation_pl,***
***aspl.locale AS primary_locale,***
***CASE WHEN aa.country = '' THEN NULL ELSE aa.country END AS country***
***FROM authors aa***
***LEFT JOIN author_settings aspl ON (aa.author_id = aspl.author_id AND***
***aspl.setting_name = 'affiliation' AND aspl.locale = 'en_US')***
*LEFT JOIN author_settings asl ON (aa.author_id = asl.author_id AND*
***asl.setting_name = 'affiliation' AND asl.locale = 'en_US')***
*JOIN articles a ON (a.article_id = aa.submission_id AND a.status =*
***3)***
***JOIN published_articles pa ON (pa.article_id = a.article_id)***
***JOIN issues i ON (pa.issue_id = i.issue_id AND i.published = 1)***
*WHERE a.journal_id = '1' AND*
***(aa.last_name IS NOT NULL AND aa.last_name <> '')***
***ORDER BY aa.last_name, aa.first_name02***
***Input array does not match ?: SELECT DISTINCT***
***CAST('' AS CHAR) AS url,***
***0 AS author_id,***
***0 AS submission_id,***
***CAST('' AS CHAR) AS email,***
***0 AS primary_contact,***
***0 AS seq,***
***aa.first_name,***
***aa.middle_name,***
***aa.last_name,***
*CASE WHEN asl.setting_value = '' THEN NULL ELSE*
***SUBSTRING(asl.setting_value FROM 1 FOR 255) END AS affiliation_l,***
***asl.locale,***
*CASE WHEN aspl.setting_value = '' THEN NULL ELSE*
***SUBSTRING(aspl.setting_value FROM 1 FOR 255) END AS affiliation_pl,***
***aspl.locale AS primary_locale,***
***CASE WHEN aa.country = '' THEN NULL ELSE aa.country END AS country***
***FROM authors aa***
***LEFT JOIN author_settings aspl ON (aa.author_id = aspl.author_id AND***
***aspl.setting_name = 'affiliation' AND aspl.locale = 'en_US')***
*LEFT JOIN author_settings asl ON (aa.author_id = asl.author_id AND*
***asl.setting_name = 'affiliation' AND asl.locale = 'en_US')***
*JOIN articles a ON (a.article_id = aa.submission_id AND a.status =*
***3)***
***JOIN published_articles pa ON (pa.article_id = a.article_id)***
***JOIN issues i ON (pa.issue_id = i.issue_id AND i.published = 1)***
*WHERE a.journal_id = '1' AND*
***(aa.last_name IS NOT NULL AND aa.last_name <> '')***
***ORDER BY aa.last_name, aa.first_name LIMIT 0,2502***