I really think there's a problem with the SQL in this API function, found near line 1289 of document.parser.class.inc.php:
function getTemplateVars($idnames=array(), $fields = "*", $docid="", $published=1, $sort="rank", $dir="ASC") {
if(($idnames!='*' && !is_array($idnames)) || count($idnames)==0) {
return false;
}
else {
$result = array();
// get document record
if ($docid=="") {
$docid = $this->documentIdentifier;
$docRow = $this->documentObject;
}
else {
$docRow = $this->getDocument($docid, '*', $published);
if (!$docRow) return false;
}
// get user defined template variables
$fields = ($fields=="") ? "tv.*" : 'tv.'.implode(',tv.',preg_replace("/^\s/i","",explode(',',$fields)));
$sort = ($sort=="") ? "":'tv.'.implode(',tv.',preg_replace("/^\s/i","",explode(',',$sort)));
if ($idnames=="*") $query = "tv.id<>0";
else $query = (is_numeric($idnames[0]) ? "tv.id":"tv.name")." IN ('".implode("','",$idnames)."')";
$tbn = $this->dbConfig['dbase'].".".$this->dbConfig['table_prefix'];
if ($_SESSION['docgroups']) $docgrp = implode(",",$_SESSION['docgroups']);
$sql = "SELECT $fields, IF(tvc.value!='',tvc.value,tv.default_text) as value ";
$sql.= "FROM ".$tbn."site_tmplvars tv ";
$sql.= "INNER JOIN ".$tbn."site_tmplvar_templates tvtpl ON tvtpl.tmplvarid = tv.id ";
$sql.= "LEFT JOIN ".$tbn."site_tmplvar_contentvalues tvc ON tvc.tmplvarid=tv.id AND tvc.contentid = '".$docid."' ";
$sql.= "WHERE ".$query." AND tvtpl.templateid = ".$docRow['template'];
if ($sort) $sql.= " ORDER BY $sort $dir ";
$rs = $this->dbQuery($sql);
for($i=0;$i<@$this->recordCount($rs);$i++) {
array_push($result,@$this->fetchRow($rs));
}
// get default/built-in template variables
ksort($docRow);
foreach ($docRow as $key => $value) {
if ($idnames=="*" || in_array($key,$idnames)) array_push($result,array("name"=>$key,"value"=>$value));
}
return ($result!=false) ? $result[0]:false;
}
}
This is based on
this inquiry.