Error 500 if there is a single quote in the subject of a message

This is a known problem and we are working on a fix.

Typing ' (single quote symbol) in the Subject (i.e. title) of a message and submitting it triggers Error 500 (Unspecified Internal Error).

bad_message.png

In the case shown, we have a message with the subject Andrew's question, which contains the ' symbol. When you try to create this message, you receive this screen:

error500_2.png

The message is still created and is visible on the Forums page and in the sidebar, but if you try to open it, you receive the same error. This prevents you from doing anything with the message itself (reply, edit, vote, delete, etc.).

This is the log record for this error (log file .../apps/redmine/htdocs/log/production.log):

Completed 500 Internal Server Error in 356ms (ActiveRecord: 80.0ms)

ActionView::Template::Error (Mysql2::Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 't%' OR subject LIKE '%included%')' at line 1: SELECT messages.* FROM messages WHERE (subject LIKE '%JS%' OR subject LIKE '%isn't%' OR subject LIKE '%included%')):
    127:     <%#  Board.all.map(&:topics).flatten.first(5).each do |topic| %>
    128:     <% tokens = @topic.subject.strip.scan(%r{((\s|^)"[\s\w]+"(\s|$)|\S+)}).collect {|m| m.first.gsub(%r{(^\s*"\s*|\s*"\s*$)}, '')} || "" %>
    129:     <% if ActiveRecord::VERSION::MAJOR >= 4 %>
    130:       <% related_topics = Message.where(tokens.map{ |t| "subject LIKE '%#{t}%'" }.join(' OR ')).to_a.compact if tokens %>
    131:     <% else %>
    132:       <% related_topics = Message.search(tokens, @project, :limit => 5)[0].select{|m| m != @topic && m.parent_id == nil }.compact if tokens %>
    133:     <% end %>
  plugins/redmine_questions/app/views/messages/show.html.erb:130:in `block in _plugins_redmine_questions_app_views_messages_show_html_erb__1005890687_84854904'
  plugins/redmine_questions/app/views/messages/show.html.erb:105:in `_plugins_redmine_questions_app_views_messages_show_html_erb__1005890687_84854904'
  lib/redmine/sudo_mode.rb:63:in `sudo_mode'

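The log shows the words of the subject being placed directly into the SQL text at line 130 of the plugin's show.html.erb, so a single quote in the subject breaks the query. That is why we recommend not using single quotes in subjects (titles) of articles and forums until the problem is solved. If you do receive this error screen, please contact our support team and send the log, or give the link to this article if the log record is the same.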

Same message without the ' symbol ...

valid_message.png

... is created normally.

error500_4.png
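The query in the log record above is built by interpolating each subject word into the SQL string; the following added example (not the plugin's own code or its eventual fix) reproduces that condition and shows a bound-parameter form that keeps the quote as data. The helper names and SAMPLE_SUBJECT are assumptions made for illustration.

```ruby
# Added example, not plugin code. SAMPLE_SUBJECT is constructed to match the logged query.
SAMPLE_SUBJECT = "JS isn't included"

# Tokenizer as it appears at line 128 of the view in the log.
def subject_tokens(subject)
  subject.strip.scan(%r{((\s|^)"[\s\w]+"(\s|$)|\S+)})
         .collect { |m| m.first.gsub(%r{(^\s*"\s*|\s*"\s*$)}, '') }
end

# Line 130 as logged: every token becomes part of the SQL text itself,
# so a ' inside a token ends the string literal early.
def interpolated_condition(tokens)
  tokens.map { |t| "subject LIKE '%#{t}%'" }.join(' OR ')
end

# Hypothetical helper: escape LIKE metacharacters so % and _ in a subject
# match literally (same idea as ActiveRecord's sanitize_sql_like).
def escape_like(token)
  token.gsub(/[\\%_]/) { |c| "\\#{c}" }
end

# Hypothetical helper: SQL with ? placeholders plus the values to bind.
# Returns nil for an empty token list; the caller skips the query then.
# In a Rails view the result would be used as Message.where(*bound_condition(tokens)).
def bound_condition(tokens)
  return nil if tokens.empty?
  sql = (['subject LIKE ?'] * tokens.size).join(' OR ')
  [sql, *tokens.map { |t| "%#{escape_like(t)}%" }]
end

if __FILE__ == $PROGRAM_NAME
  tokens = subject_tokens(SAMPLE_SUBJECT)
  puts "interpolated: #{interpolated_condition(tokens)}"
  sql, *binds = bound_condition(tokens)
  puts "bound sql:    #{sql}"
  puts "bound values: #{binds.inspect}"
end
```

With bound values the database driver quotes each token, so the SQL text has the same shape whatever characters the subject contains.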
