This happens when trying to add a video to a gallery, something that has worked fine forever. No changes made recently. All I can see in the error log is:-
Unfortunately a query has failed [SELECT r.*,r.description__source_user,r.description__text_parsed FROM cms_videos r LEFT JOIN cms_content_privacy priv ON priv.content_id=CAST(r.id AS CHAR(20)) AND priv.content_type='video' WHERE 1=1 AND (priv.content_id IS NULL OR priv.guest_view=1) GROUP BY r.id ORDER BY random ASC LIMIT 0,1] [<strong>Unknown column 'random' in 'order clause'</strong>] (version: 10.0.52, PHP version: 7.4.33, URL: /data/preview.php?page=cms_comcode_pages&type=_edit) @ https://mediafeeder.net/data/preview.php?page=cms_comcode_pages&type=_edit
Funded?
No
Edited
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Rating
Unrated
Comments
System message - Issue updated
By Adam Edington,
By Adam Edington,
posted
The details or status of this tracker issue were updated by Adam Edington
'Random' is a special keyword used in Composr CMS. It is supposed to be processed by handle_abstract_sorting and converted into an actual ORDER BY SQL query. It appears, for some reason, that is not happening, and Composr is treating 'random' as a literal column name.
I'm assuming you're getting ORDERBY_HACK errors, correct? A bug like the above would definitely trigger that.
Composr has detected what may be a hacking attempt. Please do not be alarmed, and unless you are really trying to hack the website, nobody will question you. Please do not click refresh though or you could be automatically banned. If you got here via a link, please inform the link maintainer of the problem. (version: 10.0.52, PHP version: 7.4.33, URL: /cms/cms-galleries/_add_other?keep_fatalistic=1&redirect=https%3A%3Aslash%3A%3Aslash%3Amediafeeder.net%3Aslash%3Amusic%3Aslash%3Agalleries%3Aslash%3Abrowse%3Aslash%3Aoverdrive&uploading=1)
Not seeing any ORDERBY_HACK errors, using the same code as I have for several years. Stack trace has some mentions of Tempcode. No idea what's going on, just trying to add a video. Relogged in and tried about 3 times, same message. Very strange. Any way to turn this off?
I'm a little confused. You mentioned "hack attack". Is there anything under Admin Zone > Audit > Security Logging?
I don't think you can turn it off in v10. In v11, there is a tool called "advanced banning" where you can silence certain security alerts. However, even if you can turn the alert off, you will still get the database error.
I (or someone else) will need to implement a fix. It's an actual bug. I'll look into it after the holidays and see if I can come up with a patch.
It may be a while, however, because I am also moving locations after the New Year. We're looking at the middle of January before I can take a look.
Edited
Comments
System message - Issue updated
I'm assuming you're getting ORDERBY_HACK errors, correct? A bug like the above would definitely trigger that.
Not seeing any ORDERBY_HACK errors, using the same code as I have for several years. Stack trace has some mentions of Tempcode. No idea what's going on, just trying to add a video. Relogged in and tried about 3 times, same message. Very strange. Any way to turn this off?
I don't think you can turn it off in v10. In v11, there is a tool called "advanced banning" where you can silence certain security alerts. However, even if you can turn the alert off, you will still get the database error.
I (or someone else) will need to implement a fix. It's an actual bug. I'll look into it after the holidays and see if I can come up with a patch.
It may be a while, however, because I am also moving locations after the New Year. We're looking at the middle of January before I can take a look.