The details or status of this tracker issue were updated by Adam Edington

'Random' is a special keyword used in Composr CMS. It is supposed to be processed by handle_abstract_sorting and converted into an actual ORDER BY SQL query. It appears, for some reason, that is not happening, and Composr is treating 'random' as a literal column name.

I'm assuming you're getting ORDERBY_HACK errors, correct? A bug like the above would definitely trigger that.

Composr has detected what may be a hacking attempt. Please do not be alarmed, and unless you are really trying to hack the website, nobody will question you. Please do not click refresh though or you could be automatically banned. If you got here via a link, please inform the link maintainer of the problem. (version: 10.0.52, PHP version: 7.4.33, URL: /cms/cms-galleries/_add_other?keep_fatalistic=1&redirect=https%3A%3Aslash%3A%3Aslash%3Amediafeeder.net%3Aslash%3Amusic%3Aslash%3Agalleries%3Aslash%3Abrowse%3Aslash%3Aoverdrive&uploading=1)

Not seeing any ORDERBY_HACK errors, using the same code as I have for several years. Stack trace has some mentions of Tempcode. No idea what's going on, just trying to add a video. Relogged in and tried about 3 times, same message. Very strange. Any way to turn this off?

I'm a little confused. You mentioned "hack attack". Is there anything under Admin Zone > Audit > Security Logging?

I don't think you can turn it off in v10. In v11, there is a tool called "advanced banning" where you can silence certain security alerts. However, even if you can turn the alert off, you will still get the database error.

I (or someone else) will need to implement a fix. It's an actual bug. I'll look into it after the holidays and see if I can come up with a patch.

It may be a while, however, because I am also moving locations after the New Year. We're looking at the middle of January before I can take a look.

Just failed logins and Guests trying to change the SQL ordering attribute... Accounts not enabled

Unfortunately, I'll need the stack trace to really understand what is happening. You can send it as an attachment to me in a PT. It sounds like when you're trying to add a gallery, something isn't POSTing correctly, such as the CSRF token or CAPTCHA.

Do what you did to get the error that you posted above. Capture the stack trace if you can, and send that to me in a PT.

No stack trace, just tried adding a video and it's now saying I didn't fill the form in correctly. This message shows as the entry tries to post, I did manage to post a new video but when I edit it, I get the form not filled in correctly message, cannot add the meta tags. It's weird as this was working without issue for nearly 2 years and no code has changed. This is a different error than the original issue refers to, but both were unexpectedly bizarre.

Now I managed to edit the meta tags (4th attempt). Something weird is happening with gallery posts, possibly something my host has changed?

I'm sorry, I don't know how to help. This is a very weird error. Without a stack trace, I would need to take a look at the site.

Actually, try this: Have developer tools open when you add/edit gallery entries. If you get the error again, check the console. Let me know if you have any console errors. Maybe the JavaScript is getting messed up (if the form error is showing immediately, then it's probably the JavaScript form validation causing an issue).

/cms/cms-galleries/__edit_other/1112?redirect=https%3A%3Aslash%3A%3Aslash%3Amediafeeder.net%3Aslash%3Amusic%3Aslash%3Agalleries%3Aslash%3Avideo%3Aslash%3AjOruX5lORh4%3Aques%3Awide%3Aequals%3A1&uploading=1:1   POST https://mediafeeder.net/cms/cms-galleries/__edit_other/1112?redirect=https%3A%3Aslash%3A%3Aslash%3Amediafeeder.net%3Aslash%3Amusic%3Aslash%3Agalleries%3Aslash%3Avideo%3Aslash%3AjOruX5lORh4%3Aques%3Awide%3Aequals%3A1&uploading=1 403 (Forbidden)

This isn't making sense to me.

A 403 Forbidden wouldn't cause the form validation to say that you didn't fill in the form correctly. Instead, you would have received a different error message.

A hack attack *would* have given a 403, though.

Yes I am getting hack attack messages when trying to select images from the filedump or when editing meta tags (in some cases).

The form validation error seems to have remedied itself, no idea what that was about. Surely admins should be exempt from this nonsense.