Description of problem: Trying to search with reporter/bug owner "doesn't match regex" *redhat.com crashes bugzilla (sql shown) Version-Release number of selected component (if applicable): 2.18rh (what's on bugzilla.redhat.com) How reproducible: every time Steps to Reproduce: (note: screenshot attached) 1. Go to the advanced search page 2. search for Red Hat Web Site bugs, current release 3. select "reporter" and "bug owner" in the "any of:" checkboxes 4. select "doesn't match regex" 5. enter "*redhat.com" as the regex 6. run query Actual results: DBD::Pg::st execute failed: ERROR: invalid regular expression: quantifier operand invalid [for Statement "SELECT bugs.bug_id, bugs.bug_severity, bugs.priority, bugs.bug_status, bugs.resolution, bugs.alias, bugs.bug_severity, bugs.priority, bugs.rep_platform, map_assigned_to.login_name, bugs.bug_status, bugs.resolution, bugs.short_desc FROM bugs LEFT JOIN bug_group_map ON bug_group_map.bug_id = bugs.bug_id LEFT JOIN cc ON cc.bug_id = bugs.bug_id AND cc.who = 199427 , profiles AS map_assigned_to, profiles AS map_reporter WHERE bugs.assigned_to = map_assigned_to.userid AND bugs.assigned_to = map_assigned_to.userid AND bugs.reporter = map_reporter.userid AND ((bugs.product_id IN (29)) AND (bugs.version IN ('current')) AND (bugs.bug_status IN ('NEW','ASSIGNED','REOPENED','MODIFIED')) AND ((LOWER(map_assigned_to.login_name) !~ LOWER('*redhat.com')) OR (LOWER(map_reporter.login_name) !~ LOWER('*redhat.com')))) AND ((bug_group_map.group_id IS NULL) OR bug_group_map.group_id IN (81,75,138,140,79,67,41,127,58,122,35,7,133,62,93,126,72,39,33,107,22,78,14,123,44,139,121,92,85,91,25,15,61,142,38) OR (bugs.reporter_accessible = 1 AND bugs.reporter = 199427) OR (bugs.cclist_accessible = 1 AND cc.who IS NOT NULL) OR (bugs.assigned_to = 199427) OR (bugs.qa_contact = 199427) ) GROUP BY bugs.bug_id, bugs.bug_id,bugs.bug_severity,bugs.priority,bugs.bug_status,bugs.resolution,bugs.alias,bugs.bug_severity,bugs.priority,bugs.rep_platform,map_assigned_to.login_name,bugs.bug_status,bugs.resolution,bugs.short_desc ORDER BY bugs.bug_status,bugs.priority,map_assigned_to.login_name,bugs.bug_id"] at Bugzilla/DB.pm line 71 Bugzilla::DB::SendSQL('SELECT bugs.bug_id, bugs.bug_severity, bugs.priority, bugs.bu...') called at /var/www/html/bugzilla/buglist.cgi line 651 Expected results: Query should work, or give an error that my regex is bad. Additional info: It looks like the regex field is going right into the SQL statement without sanitization. Also, maybe the text entry field should be called "contains" instead of "matches regex", since it just goes into a LOWER() for matching.
Created attachment 133397 [details] screenshot of settings to cause SQL error
'*' is not a valid quantifier in the regex language. You would need to instead type '.*redhat.com'. The problem here is that Bugzilla is not failing gracefully for misinterpreted regex patterns. I suppose it needs to at a minimum to substitute '.*' for any '*' characters that it finds as well as some of the other quanitifiers it uses. And/Or it needs to precompile the regex first before using in SQL and then fail with a descriptive error and make some possible suggestions. In the meantime, I tried your same query with '.*redhat.com' instead and all works fine with that.
Red Hat Bugzilla is now using version 3.2 of the Bugzilla codebase and therefore this bug will need to be re-verified against the new release. With the updated code this bug may no longer be relevant or may have been fixed in the new code. Updating bug version to 3.2.