Bug 745503

Summary: scoped_search - doesn't support queries containing single quotes
Product: Red Hat Satellite Reporter: Brad Buckingham <bbuckingham>
Component: WebUIAssignee: Amos Benari <abenari>
Status: CLOSED CURRENTRELEASE QA Contact: Katello QA List <katello-qa-list>
Severity: low Docs Contact:
Priority: low    
Version: 6.0.1CC: bkearney, cwelton, ohadlevy
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-22 18:00:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 747354    

Description Brad Buckingham 2011-10-12 14:32:36 UTC 
Description of problem:

Performing search queries that contain single quotes ('), generates invalid SQL.  This appears to be an issue in the scoped_search gem.

This was observed using the scoped_search auto-complete feature.  The auto-complete suggested the following as a search query; however, submitting that query generates an exception:

description  =  "Association named 'user' was not found; perhaps you misspelled it?"

Note: auto-complete should only suggest queries that are 'valid'.

Version-Release number of selected component (if applicable):
master

How reproducible:
always

Steps to Reproduce:
1. perform a search query that contains single quotes.  E.g. description = "this is an 'invalid' query"
2.
3.
  
Actual results:
Exception.  Using the example from the description generates an error like:

SQLite3::SQLException: near "user": syntax error: SELECT DISTINCT "notices".text FROM "notices" INNER JOIN "user_notices" ON "notices"."id" = "user_notices"."notice_id" INNER JOIN "users" ON "users"."id" = "user_notices"."user_id" WHERE "users"."id" = 3 AND (text LIKE 'Association named 'user' was not found; perhaps you misspelled it?%') LIMIT 20


Expected results:

Valid search results returned.

Additional info:
Comment 1 Amos Benari 2011-10-18 22:37:07 UTC 
The bug was in the value auto completer of scoped_search.
fixed up stream, commit #4e18d539c382470c01cc8bc6e06a8d3747f9e9f2
Comment 2 Brad Buckingham 2011-11-14 21:06:05 UTC 
verified that the issue raised description above is no longer observable with scoped_search 2.3.6... that version of scoped_search gem has been pushed in to the git repos and should be available in an upcoming build.
Comment 3 Mike McCune 2012-01-26 19:07:47 UTC 
mass ON_QA move
Comment 5 Corey Welton 2012-02-10 13:36:38 UTC 
Mostly no longer applicable due to implementation of elasticsearch - but tested anyway in latest build; the issue no longer appears. QA Verified.
Comment 7 Mike McCune 2013-08-16 18:02:44 UTC 
getting rid of 6.0.0 version since that doesn't exist