Bug 869459
| Summary: | Topic title search field does not escape apostrophe in search string | ||
|---|---|---|---|
| Product: | [Community] PressGang CCMS | Reporter: | Joshua Wulf <jwulf> |
| Component: | Web-UI | Assignee: | pressgang-ccms-dev |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 1.0 | CC: | lcarlon, lnewson |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-07-02 00:57:58 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed in build 20121123-1253. Cause: The query wasn't using the parameter binding to bind the passed values to a query, as such if you entered any form of HQL you could execute it to some extent (see Bug #837993). Consequence: If you used certain values in a search the search would either return unexpected results or throw an exception. Fix: Ensure that all user passed parameters are bound using prepared statements. In this case I used the JPA Criteria API to rewrite the backend Query Builders. |
Searching for a topic title that contains an apostrophe causes the following error: javax.el.ELException: /WEB-INF/templates/TopicSearchListActionButtons.xhtml @9,75 rendered="#{render == null || render}": /CustomSearchTopicList.xhtml @237,84 value="#{not empty groupedTopicTagsList.resultList}": java.lang.IllegalArgumentException: org.hibernate.QueryException: expecting ''', found '<EOF>' [SELECT topic FROM com.redhat.topicindex.entity.Topic as Topic WHERE (LOWER(topic.topicTitle) LIKE LOWER('%Quota - A Users' Introduction%'