This happens when trying to add a video to a gallery, something that has worked fine forever. No changes made recently. All I can see in the error log is:-
Unfortunately a query has failed [SELECT r.*,r.description__source_user,r.description__text_parsed FROM cms_videos r LEFT JOIN cms_content_privacy priv ON priv.content_id=CAST(r.id AS CHAR(20)) AND priv.content_type='video' WHERE 1=1 AND (priv.content_id IS NULL OR priv.guest_view=1) GROUP BY r.id ORDER BY random ASC LIMIT 0,1] [<strong>Unknown column 'random' in 'order clause'</strong>] (version: 10.0.52, PHP version: 7.4.33, URL: /data/preview.php?page=cms_comcode_pages&type=_edit) @ https://mediafeeder.net/data/preview.php?page=cms_comcode_pages&type=_edit
Funded?
No
Edited
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Rating
Unrated
Comments
System message - Issue updated
By Adam Edington,
By Adam Edington,
posted
The details or status of this tracker issue were updated by Adam Edington
'Random' is a special keyword used in Composr CMS. It is supposed to be processed by handle_abstract_sorting and converted into an actual ORDER BY SQL query. It appears, for some reason, that is not happening, and Composr is treating 'random' as a literal column name.
I'm assuming you're getting ORDERBY_HACK errors, correct? A bug like the above would definitely trigger that.
Composr has detected what may be a hacking attempt. Please do not be alarmed, and unless you are really trying to hack the website, nobody will question you. Please do not click refresh though or you could be automatically banned. If you got here via a link, please inform the link maintainer of the problem. (version: 10.0.52, PHP version: 7.4.33, URL: /cms/cms-galleries/_add_other?keep_fatalistic=1&redirect=https%3A%3Aslash%3A%3Aslash%3Amediafeeder.net%3Aslash%3Amusic%3Aslash%3Agalleries%3Aslash%3Abrowse%3Aslash%3Aoverdrive&uploading=1)
Not seeing any ORDERBY_HACK errors, using the same code as I have for several years. Stack trace has some mentions of Tempcode. No idea what's going on, just trying to add a video. Relogged in and tried about 3 times, same message. Very strange. Any way to turn this off?
I'm a little confused. You mentioned "hack attack". Is there anything under Admin Zone > Audit > Security Logging?
I don't think you can turn it off in v10. In v11, there is a tool called "advanced banning" where you can silence certain security alerts. However, even if you can turn the alert off, you will still get the database error.
I (or someone else) will need to implement a fix. It's an actual bug. I'll look into it after the holidays and see if I can come up with a patch.
It may be a while, however, because I am also moving locations after the New Year. We're looking at the middle of January before I can take a look.
Unfortunately, I'll need the stack trace to really understand what is happening. You can send it as an attachment to me in a PT. It sounds like when you're trying to add a gallery, something isn't POSTing correctly, such as the CSRF token or CAPTCHA.
Do what you did to get the error that you posted above. Capture the stack trace if you can, and send that to me in a PT.
No stack trace, just tried adding a video and it's now saying I didn't fill the form in correctly. This message shows as the entry tries to post, I did manage to post a new video but when I edit it, I get the form not filled in correctly message, cannot add the meta tags. It's weird as this was working without issue for nearly 2 years and no code has changed. This is a different error than the original issue refers to, but both were unexpectedly bizarre.
I'm sorry, I don't know how to help. This is a very weird error. Without a stack trace, I would need to take a look at the site.
Actually, try this: Have developer tools open when you add/edit gallery entries. If you get the error again, check the console. Let me know if you have any console errors. Maybe the JavaScript is getting messed up (if the form error is showing immediately, then it's probably the JavaScript form validation causing an issue).
A 403 Forbidden wouldn't cause the form validation to say that you didn't fill in the form correctly. Instead, you would have received a different error message.
Edited
Comments
System message - Issue updated
I'm assuming you're getting ORDERBY_HACK errors, correct? A bug like the above would definitely trigger that.
Not seeing any ORDERBY_HACK errors, using the same code as I have for several years. Stack trace has some mentions of Tempcode. No idea what's going on, just trying to add a video. Relogged in and tried about 3 times, same message. Very strange. Any way to turn this off?
I don't think you can turn it off in v10. In v11, there is a tool called "advanced banning" where you can silence certain security alerts. However, even if you can turn the alert off, you will still get the database error.
I (or someone else) will need to implement a fix. It's an actual bug. I'll look into it after the holidays and see if I can come up with a patch.
It may be a while, however, because I am also moving locations after the New Year. We're looking at the middle of January before I can take a look.
Do what you did to get the error that you posted above. Capture the stack trace if you can, and send that to me in a PT.
Actually, try this: Have developer tools open when you add/edit gallery entries. If you get the error again, check the console. Let me know if you have any console errors. Maybe the JavaScript is getting messed up (if the form error is showing immediately, then it's probably the JavaScript form validation causing an issue).
A 403 Forbidden wouldn't cause the form validation to say that you didn't fill in the form correctly. Instead, you would have received a different error message.
A hack attack *would* have given a 403, though.
Yes I am getting hack attack messages when trying to select images from the filedump or when editing meta tags (in some cases).
The form validation error seems to have remedied itself, no idea what that was about. Surely admins should be exempt from this nonsense.