Bug 887052

Summary:	Source and Target search in editor fails when the search term includes an apostrophe (')
Product:	[Retired] Zanata	Reporter:	David Mason <damason>
Component:	Component-UI	Assignee:	David Mason <damason>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Ding-Yi Chen <dchen>
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	2.0	CC:	zanata-bugs
Target Milestone:	---
Target Release:	2.1
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	2.1-SNAPSHOT (20121217-1536)	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2013-02-27 07:57:43 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description David Mason 2012-12-13 23:41:19 UTC

Description of problem:
If a user searches within a document and includes an apostrophe, e.g. search for "can't", the search fails and shows an error message "Failed to load data from server".


Version-Release number of selected component (if applicable):
2.0

How reproducible:
Always

Steps to Reproduce:
1.Sign in and open the translation editor for any document
2.Enter "can't" in the "Source and Target" search field
3.Press enter
  
Actual results:
Error notification shows "Failed to load data from server". No filtering occurs.

Expected results:
Search does not cause error message and will cause filtering and highlighting for any characters, including apostrophe.

Additional info:
This appears to be caused by failure to escape apostrophe before including the search in the SQL.

Workaround: add a slash character before each apostrophe (e.g. "can\'t")

Comment 1 David Mason 2012-12-13 23:42:46 UTC

Stack trace on server:

09:35:43,212 ERROR [SeamDispatch] Error dispatching action: org.hibernate.exception.SQLGrammarException: could not execute query
org.hibernate.exception.SQLGrammarException: could not execute query
	at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:90)
	at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:66)
	at org.hibernate.loader.Loader.doList(Loader.java:2458)
	at org.hibernate.loader.Loader.doList(Loader.java:2440)
	at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2316)
	at org.hibernate.loader.Loader.list(Loader.java:2311)
	at org.hibernate.loader.custom.CustomLoader.list(CustomLoader.java:321)
	at org.hibernate.impl.SessionImpl.listCustomQuery(SessionImpl.java:1766)
	at org.hibernate.impl.AbstractSessionImpl.list(AbstractSessionImpl.java:165)
	at org.hibernate.impl.SQLQueryImpl.list(SQLQueryImpl.java:175)
	at org.zanata.dao.TextFlowDAO.getNavigationByDocumentId(TextFlowDAO.java:166)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
	at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
	at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
	at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
	at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
	at org.zanata.dao.TextFlowDAO_$$_javassist_seam_50.getNavigationByDocumentId(TextFlowDAO_$$_javassist_seam_50.java)
	at org.zanata.webtrans.server.rpc.GetTransUnitsNavigationService.getNavigationIndexes(GetTransUnitsNavigationService.java:63)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
	at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
	at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
	at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
	at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
	at org.zanata.webtrans.server.rpc.GetTransUnitsNavigationService_$$_javassist_seam_51.getNavigationIndexes(GetTransUnitsNavigationService_$$_javassist_seam_51.java)
	at org.zanata.webtrans.server.rpc.GetTransUnitListHandler.execute(GetTransUnitListHandler.java:88)
	at org.zanata.webtrans.server.rpc.GetTransUnitListHandler.execute(GetTransUnitListHandler.java:53)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
	at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
	at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
	at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
	at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
	at org.zanata.webtrans.server.rpc.GetTransUnitListHandler_$$_javassist_seam_48.execute(GetTransUnitListHandler_$$_javassist_seam_48.java)
	at org.zanata.webtrans.server.SeamDispatch.doExecute(SeamDispatch.java:164)
	at org.zanata.webtrans.server.SeamDispatch.execute(SeamDispatch.java:136)
	at sun.reflect.GeneratedMethodAccessor1971.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
	at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
	at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
	at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
	at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
	at org.zanata.webtrans.server.SeamDispatch_$$_javassist_seam_11.execute(SeamDispatch_$$_javassist_seam_11.java)
	at org.zanata.webtrans.server.DispatchServiceImpl.execute(DispatchServiceImpl.java:22)
	at sun.reflect.GeneratedMethodAccessor1973.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
	at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
	at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
	at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
	at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
	at org.zanata.webtrans.server.DispatchServiceImpl_$$_javassist_seam_40.execute(DispatchServiceImpl_$$_javassist_seam_40.java)
	at sun.reflect.GeneratedMethodAccessor1972.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at org.jboss.seam.remoting.gwt.GWTToSeamAdapter.callWebRemoteMethod(GWTToSeamAdapter.java:100)
	at org.jboss.seam.remoting.gwt.GWTService.RPC_invokeAndEncodeResponse(GWTService.java:544)
	at org.jboss.seam.remoting.gwt.GWTService.processCall(GWTService.java:206)
	at org.jboss.seam.remoting.gwt.GWTService$1.process(GWTService.java:120)
	at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:65)
	at org.jboss.seam.remoting.gwt.GWTService.getResource(GWTService.java:105)
	at org.jboss.seam.servlet.SeamResourceServlet.service(SeamResourceServlet.java:80)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
	at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
	at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
	at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73)
	at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206)
	at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
	at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388)
	at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515)
	at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.zanata.seam.interceptor.MonitoringWrapper.doFilter(MonitoringWrapper.java:70)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.zanata.servlet.GWTCacheControlFilter.doFilter(GWTCacheControlFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)
	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74)
	at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)
	at java.lang.Thread.run(Thread.java:679)
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '; update haccount set username=smelly where id = 45;%' or lower(tf.content1) LIK' at line 1
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
	at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
	at com.mysql.jdbc.Util.getInstance(Util.java:386)
	at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
	at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3597)
	at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3529)
	at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1990)
	at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2151)
	at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2625)
	at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2119)
	at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:2281)
	at sun.reflect.GeneratedMethodAccessor313.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at net.bull.javamelody.JdbcWrapper.doExecute(JdbcWrapper.java:373)
	at net.bull.javamelody.JdbcWrapper$StatementInvocationHandler.invoke(JdbcWrapper.java:130)
	at net.bull.javamelody.JdbcWrapper$DelegatingInvocationHandler.invoke(JdbcWrapper.java:259)
	at $Proxy448.executeQuery(Unknown Source)
	at org.jboss.resource.adapter.jdbc.WrappedPreparedStatement.executeQuery(WrappedPreparedStatement.java:342)
	at org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java:208)
	at org.hibernate.loader.Loader.getResultSet(Loader.java:1997)
	at org.hibernate.loader.Loader.doQuery(Loader.java:840)
	at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:298)
	at org.hibernate.loader.Loader.doList(Loader.java:2455)
	... 156 more

Comment 2 David Mason 2012-12-14 01:48:54 UTC

Fixed in 2.1-SNAPSHOT

See: https://github.com/zanata/zanata/commit/438b3c1e9df962f53d4e459db6aea0a921892fc4

Comment 3 Ding-Yi Chen 2012-12-18 06:21:49 UTC

VERIFIED with Zanata version 2.1-SNAPSHOT (20121217-1536)