AdMax / ADMAX-2481

Google Sync: SQL injection impacting Sam's Club's ability to sync an adgroup

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Google
    • Labels:
      None

      Description

      GoogleAPISearchEngine is probably not wrapping a value in a SQLLiteral class. In this case, the source was created by pixel playback and seupdate is trying to

      The "?" might be a utf8 character that can't display correctly (or it could actually be a question mark). It's possible the question mark is coming from the structure report file, or an issue importing the utf8 character in the file into the database.

      2010-11-17 12:24:54.979 (3) [P2T6]: Unclaimed source for keyword "indoor d?cor for christmas", altkey "go000000111962915s_indoor_dqecor_for_christmas", identifier "22768777802" (match type: exact) - assigning acct/group

      2010-11-17 12:24:54.980 (3) [P2T6]: Unset matchtype for keyword "indoor d?cor for christmas", altkey "go000000111962915s_indoor_dqecor_for_christmas", identifier "22768777802" (match type: exact), setting to"exact"

      2010-11-17 12:24:54.980 (1) [P2T6]: Exception [Error saving record]:com.mysql.jdbc.exceptions.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"indoor d?cor for christmas",`searchEngineMatchType`="exact" where (`id`=6889131' at line 1
          at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:936)
          at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2870)
          at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1573)
          at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1665)
          at com.mysql.jdbc.Connection.execSQL(Connection.java:3170)
          at com.mysql.jdbc.Statement.executeUpdate(Statement.java:1316)
          at com.mysql.jdbc.Statement.executeUpdate(Statement.java:1235)
          at com.carldunham.jst.db.Database.executeUpdate(Database.java:401)
          at com.carldunham.jst.db.BaseDatabaseTable.update(BaseDatabaseTable.java:664)
          at com.carldunham.jst.db.BaseDatabaseTableRow.save(BaseDatabaseTableRow.java:507)
          at com.carldunham.jst.db.BaseDatabaseTableRow.save(BaseDatabaseTableRow.java:424)
          at com.thesearchagency.searchengines.SearchEngineUtils.getSource(SearchEngineUtils.java:617)
          at com.thesearchagency.searchengines.SearchEngineUpdater$SearchEngineAccountWorker.syncListings(SearchEngineUpdater.java:1952)
          at com.thesearchagency.searchengines.SearchEngineUpdater$SearchEngineAccountWorker.run(SearchEngineUpdater.java:1694)
          at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417)
          at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269)
          at java.util.concurrent.FutureTask.run(FutureTask.java:123)
          at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
          at java.lang.Thread.run(Thread.java:595)
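
An added example (not code from the AdMax code base) of the failure class the description suspects: a keyword spliced into the UPDATE text instead of being passed as a literal, compared with the same save using bound parameters. It uses Python's sqlite3 as a stand-in for the MySQL/JDBC stack; the table name `source`, the `keyword` column and the second sample keyword are assumptions.

```python
import sqlite3

# Constructed sample keywords. The first is the logged keyword with the
# accented character restored (an assumption); the second is invented to
# carry a quote character.
KEYWORDS = ["indoor décor for christmas", "kid's indoor décor"]
ROW_ID = 6889131  # id value taken from the logged error


def make_db():
    # Table name `source` and column `keyword` are assumptions;
    # `searchEngineMatchType` and `id` appear in the logged statement.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE source (id INTEGER PRIMARY KEY, "
               "keyword TEXT, searchEngineMatchType TEXT)")
    db.execute("INSERT INTO source (id) VALUES (?)", (ROW_ID,))
    return db


def save_concatenated(db, row_id, keyword, match_type):
    # Values become part of the statement text, so a quote inside the
    # keyword ends the string literal early and the parser sees the rest
    # of the keyword as SQL.
    db.execute("UPDATE source SET keyword='" + keyword + "', "
               "searchEngineMatchType='" + match_type + "' "
               "WHERE id=" + str(row_id))


def save_bound(db, row_id, keyword, match_type):
    # Values travel separately from the statement text and are never parsed.
    db.execute("UPDATE source SET keyword=?, searchEngineMatchType=? "
               "WHERE id=?", (keyword, match_type, row_id))


def run(save):
    """Save each sample keyword with `save` and report the outcome."""
    results = {}
    for kw in KEYWORDS:
        db = make_db()
        try:
            save(db, ROW_ID, kw, "exact")
            stored = db.execute("SELECT keyword FROM source WHERE id=?",
                                (ROW_ID,)).fetchone()[0]
            results[kw] = "stored" if stored == kw else "altered"
        except sqlite3.Error as exc:
            results[kw] = "error: " + type(exc).__name__
    return results
```

Comparing `run(save_concatenated)` with `run(save_bound)` shows the concatenated save failing only for the keyword that contains a quote, while the bound save stores both keywords unchanged.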

            People

            • Assignee:
              Unassigned
              Reporter:
              therouxj Jeff Theroux