Bug 745503 - scoped_search - doesn't support queries containing single quotes
Summary: scoped_search - doesn't support queries containing single quotes
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: WebUI
Version: 6.0.1
Hardware: Unspecified
OS: Unspecified
low
low vote
Target Milestone: Unspecified
Assignee: Amos Benari
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks: katello-blockers
TreeView+ depends on / blocked
 
Reported: 2011-10-12 14:32 UTC by Brad Buckingham
Modified: 2019-09-26 13:22 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-08-22 18:00:33 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Brad Buckingham 2011-10-12 14:32:36 UTC
Description of problem:

Performing search queries that contain single quotes ('), generates invalid SQL.  This appears to be an issue in the scoped_search gem.

This was observed using the scoped_search auto-complete feature.  The auto-complete suggested the following as a search query; however, submitting that query generates an exception:

description  =  "Association named 'user' was not found; perhaps you misspelled it?"

Note: auto-complete should only suggest queries that are 'valid'.

Version-Release number of selected component (if applicable):
master

How reproducible:
always

Steps to Reproduce:
1. perform a search query that contains single quotes.  E.g. description = "this is an 'invalid' query"
2.
3.
  
Actual results:
Exception.  Using the example from the description generates an error like:

SQLite3::SQLException: near "user": syntax error: SELECT DISTINCT "notices".text FROM "notices" INNER JOIN "user_notices" ON "notices"."id" = "user_notices"."notice_id" INNER JOIN "users" ON "users"."id" = "user_notices"."user_id" WHERE "users"."id" = 3 AND (text LIKE 'Association named 'user' was not found; perhaps you misspelled it?%') LIMIT 20


Expected results:

Valid search results returned.

Additional info:

Comment 1 Amos Benari 2011-10-18 22:37:07 UTC
The bug was in the value auto completer of scoped_search.
fixed up stream, commit #4e18d539c382470c01cc8bc6e06a8d3747f9e9f2

Comment 2 Brad Buckingham 2011-11-14 21:06:05 UTC
verified that the issue raised description above is no longer observable with scoped_search 2.3.6... that version of scoped_search gem has been pushed in to the git repos and should be available in an upcoming build.

Comment 3 Mike McCune 2012-01-26 19:07:47 UTC
mass ON_QA move

Comment 5 Corey Welton 2012-02-10 13:36:38 UTC
Mostly no longer applicable due to implementation of elasticsearch - but tested anyway in latest build; the issue no longer appears. QA Verified.

Comment 7 Mike McCune 2013-08-16 18:02:44 UTC
getting rid of 6.0.0 version since that doesn't exist


Note You need to log in before you can comment on or make changes to this bug.