Bug 461729 (Closed)
[PostgreSQL] Incorrect SQL is generated when searching for keywords with dashes in them
Opened 16 years ago
Closed 16 years ago
Categories: Bugzilla :: Database, defect
Tracking: RESOLVED FIXED, Bugzilla 3.0
People: Reporter: emmanuel, Assigned: LpSolit
Attachments: 1 file (patch, 891 bytes; mkanat: review+)

Running the QA tests, I had the keywords one fail because Bugzilla generated incorrect SQL. Tracking down the error, I realized that the line responsible for the error is this one (in Bugzilla/Search.pm):

    $word = $dbh->quote(quotemeta($word));

The following line:

    perl -MBugzilla -e '$dbh = Bugzilla->dbh; print $dbh->quote(quotemeta("key-selenium-ktwo"))'

gives the following result: E'key\\-selenium\\-ktwo' when 'key\\-selenium\\-ktwo' is expected. The result makes the SQL query incorrect and Bugzilla dies with an internal server error. This only occurs when using Pg as a database and only when the keyword has a '-' in it.

LpSolit wasn't able to reproduce the error so I suspect it's a bug in DBD::Pg and not in Bugzilla.

This is on a Fedora 9 with all updates:

    fedora-release-9-5.transition.noarch
    postgresql-8.3.4-1.fc9.i386
    perl-DBD-Pg-2.10.0-1.fc9.i386

Comment 1 (Assignee) • 16 years ago
Actually, I can reproduce. I just tried again now, and both tip and 3.2 fail.
Severity: normal → major
Flags: blocking3.2?
Target Milestone: --- → Bugzilla 3.2

Comment 2 (Reporter) • 16 years ago
(In reply to comment #1)
> Actually, I can reproduce. I just tried again now, and both tip and 3.2 fail.

What version of DBD::Pg are you using?

Comment 3 (Assignee) • 16 years ago
(In reply to comment #2)
> What version of DBD::Pg are you using?

* This is Bugzilla 3.3 on perl 5.10.0
Checking for DBD-Pg (v1.45) ok: found v2.10.3
Checking for PostgreSQL (v8.00.0000) ok: found v08.03.0400

Also, I can reproduce on 3.0 and 2.22.5, so it seems that either Pg has a problem, or quotemeta() in Perl 5.10 is broken.
Flags: blocking3.0.6?
Flags: blocking2.22.6?
Target Milestone: Bugzilla 3.2 → Bugzilla 2.22
Version: 3.2 → 2.22.5

Comment 4 (Assignee) • 16 years ago
(In reply to comment #0)
> $word = $dbh->quote(quotemeta($word));

You know what? I suspect that $word is over-escaped.

Comment 5 • 16 years ago
This may be a bug in DBD::Pg 2.x, which is a fairly new series of releases and is not in common use. And yes, that does look kind of over-escaped to me.
Severity: major → normal
Flags: blocking3.2?
Flags: blocking3.2+
Flags: blocking3.0.6?
Flags: blocking3.0.6-
Flags: blocking2.22.6?
Flags: blocking2.22.6-
Summary: Incorrect SQL is generated by Bugzilla/Search.pm → [PostgreSQL] Incorrect SQL is generated when searching for keywords

Comment 6 (Assignee) • 16 years ago
(In reply to comment #5)
> This may be a bug in DBD::Pg 2.x, which is a fairly new series of releases and
> is not in common use.

I'm pretty sure DBD::Pg 2.x is in all newer distros. It's already in Fedora and Mandriva, and I'm mostly sure the coming OpenSUSE and Ubuntu have it.

Comment 7 (Reporter) • 16 years ago
The weird thing is that quotemeta("key-selenium-ktwo") returns "key\-selenium\-ktwo" and quote("key\-selenium\-ktwo") returns 'key-selenium-ktwo' (the expected result). Yet somehow, quote(quotemeta("key-selenium-ktwo")) returns "E'key\\-selenium\\-ktwo'".
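
The results compared in comment 7, reproduced offline as an added example (not part of the thread, and not Bugzilla or DBD::Pg code). model_pg_quote and model_pg_unquote are hypothetical stand-ins written for this example and modelled on the output quoted in the description. Note that a double-quoted Perl literal drops the backslash in "\-", so the second input contains no backslash at all.

```perl
use strict;
use warnings;

# Hypothetical model of what $dbh->quote() returns under DBD::Pg 2.x as
# reported in this thread: ' and \ are doubled, and the literal gets an
# E prefix when the input contains a backslash. Not DBD::Pg's own code.
sub model_pg_quote {
    my ($s) = @_;
    my $prefix = index($s, '\\') >= 0 ? 'E' : '';
    (my $body = $s) =~ s/(['\\])/$1$1/g;
    return "$prefix'$body'";
}

# Value a PostgreSQL server reads back from a literal produced by
# model_pg_quote() (only the '' and \\ escapes are handled here).
sub model_pg_unquote {
    my ($lit) = @_;
    my ($e, $body) = $lit =~ /\A(E?)'(.*)'\z/s
        or die "not a quoted literal: $lit";
    $body =~ s/''/'/g;
    $body =~ s/\\\\/\\/g if $e;
    return $body;
}

my $word = 'key-selenium-ktwo';      # keyword from the report
my $meta = quotemeta($word);         # regex escaping: backslash before each '-'
my $dq   = "key\-selenium\-ktwo";    # comment 7's double-quoted literal

# Run both inputs through the same quoting step and show each layer.
for my $case (['quotemeta($word)', $meta], ['"key\-selenium\-ktwo"', $dq]) {
    my ($label, $value) = @$case;
    my $sql = model_pg_quote($value);
    printf "%-24s value=%-22s literal=%-27s server sees=%s\n",
        $label, $value, $sql, model_pg_unquote($sql);
}
```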

Comment 8 (Assignee) • 16 years ago
When you read http://rt.cpan.org/Public/Bug/Display.html?id=39390, nobody seems surprised to see E' in front of the quoted string.

Comment 9 (Assignee) • 16 years ago
For the record, this code was originally in buglist.cgi:

1.70 <terry@mozilla.org> 2000-01-22 09:50
Patch by Christine Begle <cbegle@mozilla.org>, with heavy modifications by me -- let you query for "any words" and "all words", as well as the existing substring and regexp stuff.

It has no bug ID, and so we don't have a chance to know why quotemeta() is used. Could it mean that $dbh->quote() alone doesn't escape all required characters correctly to be used in a regexp?

Comment 10 (Assignee) • 16 years ago
I reported the bug upstream: http://rt.cpan.org/Ticket/Display.html?id=40440

Comment 11 (Assignee) • 16 years ago
I followed what was suggested in the bug reported upstream about DBD::Pg. I tested on both Pg and MySQL, and it's working fine.
Assignee: database → LpSolit
Status: NEW → ASSIGNED
Attachment #345196 - Flags: review?(mkanat)
Attachment #345196 - Flags: review?(eseyman)

Updated • 16 years ago
Attachment #345196 - Flags: review?(mkanat)
Attachment #345196 - Flags: review?(eseyman)
Attachment #345196 - Flags: review+

Comment 12 • 16 years ago
Comment on attachment 345196: patch, v1

Yes, that makes much more sense anyhow. By the way, why aren't we using "\b" here instead of all that? (Maybe the DBs don't support \b?)

Comment 13 • 16 years ago
2.22 is locked to security fixes only, and this is not a security fix.
Flags: approval3.2+
Flags: approval3.0+
Flags: approval2.22-
Flags: approval+
Target Milestone: Bugzilla 2.22 → Bugzilla 3.0

Comment 14 (Assignee) • 16 years ago
Yeah, I'm not sure \b is supported. Either that or this is old code for old DBs.

tip:

Checking in Bugzilla/Search.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Search.pm,v <-- Search.pm
new revision: 1.166; previous revision: 1.165
done

3.2rc1:

Checking in Bugzilla/Search.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Search.pm,v <-- Search.pm
new revision: 1.159.2.5; previous revision: 1.159.2.4
done

3.0.5:

Checking in Bugzilla/Search.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Search.pm,v <-- Search.pm
new revision: 1.145.2.3; previous revision: 1.145.2.2
done
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Summary: [PostgreSQL] Incorrect SQL is generated when searching for keywords → [PostgreSQL] Incorrect SQL is generated when searching for keywords with dashes in them