Description of problem:
Performing search queries that contain single quotes (') generates invalid SQL. This appears to be an issue in the scoped_search gem.

This was observed using the scoped_search auto-complete feature. The auto-complete suggested the following as a search query; however, submitting that query generates an exception:

    description = "Association named 'user' was not found; perhaps you misspelled it?"

Note: auto-complete should only suggest queries that are 'valid'.

Version-Release number of selected component (if applicable):
master

How reproducible:
always

Steps to Reproduce:
1. Perform a search query that contains single quotes. E.g.
    description = "this is an 'invalid' query"

Actual results:
Exception. Using the example from the description generates an error like:

    SQLite3::SQLException: near "user": syntax error: SELECT DISTINCT "notices".text FROM "notices" INNER JOIN "user_notices" ON "notices"."id" = "user_notices"."notice_id" INNER JOIN "users" ON "users"."id" = "user_notices"."user_id" WHERE "users"."id" = 3 AND (text LIKE 'Association named 'user' was not found; perhaps you misspelled it?%') LIMIT 20

Expected results:
Valid search results returned.
The bug was in the value auto-completer of scoped_search. Fixed upstream, commit #4e18d539c382470c01cc8bc6e06a8d3747f9e9f2
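The failure in the description, reproduced next to a bound-parameter form that avoids it, as an added example that is not the scoped_search code or the upstream commit. It uses Python's sqlite3 module so it runs self-contained; the table contents and function names are constructed for illustration, and the LIKE-wildcard escaping goes beyond the quoted case.

```python
import sqlite3

# Constructed sample data: one notice whose text contains single quotes.
NOTICE = "Association named 'user' was not found; perhaps you misspelled it?"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notices (id INTEGER PRIMARY KEY, text TEXT)")
    db.executemany("INSERT INTO notices (text) VALUES (?)",
                   [(NOTICE,), ("100% done",), ("100 items done",)])
    return db

def complete_interpolated(db, prefix):
    """'Before' form: the value is pasted between quotes, as in the failing query."""
    sql = f"SELECT DISTINCT text FROM notices WHERE text LIKE '{prefix}%' LIMIT 20"
    return [row[0] for row in db.execute(sql)]

def escape_like(value, esc="\\"):
    """Neutralise LIKE metacharacters so the prefix is matched literally."""
    for ch in (esc, "%", "_"):  # escape the escape character first
        value = value.replace(ch, esc + ch)
    return value

def complete_bound(db, prefix):
    """Hardened form: the value travels as a bound parameter, never as SQL text."""
    sql = "SELECT DISTINCT text FROM notices WHERE text LIKE ? ESCAPE '\\' LIMIT 20"
    return [row[0] for row in db.execute(sql, (escape_like(prefix) + "%",))]

def interpolated_error(db, prefix):
    """Return the database error raised by the 'before' form, or None."""
    try:
        complete_interpolated(db, prefix)
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None
```

With the bound form the quoted value returns its matching row, and a prefix such as `100%` matches only text that literally starts with `100%`.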
Verified that the issue raised in the description above is no longer observable with scoped_search 2.3.6... That version of the scoped_search gem has been pushed into the git repos and should be available in an upcoming build.
mass ON_QA move
Mostly no longer applicable due to implementation of elasticsearch - but tested anyway in latest build; the issue no longer appears. QA Verified.
getting rid of 6.0.0 version since that doesn't exist