Possible duplicate search doesn't return any results if you input "a->b" (for any a/b)

RESOLVED FIXED in Bugzilla 5.0

Status

()

defect
RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: Gijs, Assigned: glob)

Tracking

unspecified
Bugzilla 5.0
Bug Flags:
approval +
approval5.0 +

Details

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
Probably an HTML escaping issue? Marking s-s until we're sure this isn't exploitable in any way (I expect not, but even so, better safe than sorry, yada yada).
(Assignee)

Comment 1

5 years ago
what do you mean by "breaks" exactly?

when i try this, i don't see any error messages, and the search appears to execute correctly.
Flags: needinfo?(gijskruitbosch+bugs)
(Reporter)

Comment 2

5 years ago
(In reply to Byron Jones ‹:glob› from comment #1)
> what do you mean by "breaks" exactly?
> 
> when i try this, i don't see any error messages, and the search appears to
> execute correctly.

I mean there are never any results.
Flags: needinfo?(gijskruitbosch+bugs)
(Reporter)

Comment 3

5 years ago
In particular, on:

https://bugzilla.mozilla.org/enter_bug.cgi?product=bugzilla.mozilla.org&component=Extensions%3A%20GuidedBugEntry

if I put in:

"Guided bug flow should"

I get a number of results.

If I put in:

"Guided bug flow->should"

or

"Guided bug flow should top->bottom"

I get 0 results.
(Assignee)

Comment 4

5 years ago
this looks like bad quoting when generating the full-text search query.

the following sql is generated:
> MATCH(bugs_fulltext.short_desc) AGAINST('\\"guided|should|a->b\\"' IN BOOLEAN MODE)
it should be:
> MATCH(bugs_fulltext.short_desc) AGAINST('guided|should|\\"a->b\\"' IN BOOLEAN MODE)

i suspect B::DB::Mysql::sql_fulltext_search() needs to split $text on boolean operators before quoting un-quoted compound words.
Assignee: nobody → database
Group: bugzilla-security
Component: Extensions: GuidedBugEntry → Database
OS: Mac OS X → All
Product: bugzilla.mozilla.org → Bugzilla
QA Contact: default-qa
Hardware: x86 → All
Summary: Duplicate search breaks if you input "a->b" (for any a/b) → Possible duplicate search doesn't return any results if you input "a->b" (for any a/b)
Version: Production → unspecified
(Reporter)

Comment 5

4 years ago
(In reply to Byron Jones ‹:glob› from comment #4)
> this looks like bad quoting when generating the full-text search query.
> 
> the following sql is generated:
> > MATCH(bugs_fulltext.short_desc) AGAINST('\\"guided|should|a->b\\"' IN BOOLEAN MODE)
> it should be:
> > MATCH(bugs_fulltext.short_desc) AGAINST('guided|should|\\"a->b\\"' IN BOOLEAN MODE)
> 
> i suspect B::DB::Mysql::sql_fulltext_search() needs to split $text on
> boolean operators before quoting un-quoted compound words.

Does this also explain that the same thing happens for e.g.:

"Remove timeouts for panel hiding/showing listeners in browser/**/head.js"

? (removing the double '**' fixes this)
(Assignee)

Comment 6

4 years ago
(In reply to :Gijs Kruitbosch from comment #5)
> Does this also explain that the same thing happens for e.g.:
> "Remove timeouts for panel hiding/showing listeners in browser/**/head.js"
> ? (removing the double '**' fixes this)

yes, that's the same issue.
(Assignee)

Comment 7

4 years ago
Assignee: database → glob
Status: NEW → ASSIGNED
Attachment #8552956 - Flags: review?(dylan)
Comment on attachment 8552956 [details] [diff] [review]
1088086_1.patch

Review of attachment 8552956 [details] [diff] [review]:
-----------------------------------------------------------------

r=dylan
Attachment #8552956 - Flags: review?(dylan) → review+
(Reporter)

Comment 9

4 years ago
Did this not land yet?

I'm also seeing issues when my summary is:

Reader mode offered on index/"home" pages rather than articles


Is that the same bug, or should I file a new one?
Flags: needinfo?(glob)
(Assignee)

Comment 10

4 years ago
(In reply to :Gijs Kruitbosch from comment #9)
> Did this not land yet?

this is an upstream "bugzilla the product" bug so even if it were marked as resolved/fixed, it doesn't mean it will automatically be deployed to bmo.

dylan forgot to ask for approval, so this bug was sitting in upstream limbo.


sorry about that; requesting approval (from myself); i'll circle back around to this once this coffee starts working and ensure it's committed to the bmo repo as well as bugzilla itself.
Flags: needinfo?(glob)
Flags: approval?
Flags: approval5.0?
(Assignee)

Comment 11

4 years ago
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   9ec7ae7..720e7d4  master -> master

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   16009fb..9f1e365  5.0 -> 5.0

and bmo:

To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   ac997a9..3978f0c  master -> master
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Flags: approval?
Flags: approval5.0?
Flags: approval5.0+
Flags: approval+
Resolution: --- → FIXED
Target Milestone: --- → Bugzilla 5.0
You need to log in before you can comment on or make changes to this bug.