937165 - Searches that break ts_query give DatabaseErrors on search

Status: RESOLVED FIXED

(Webtools Graveyard :: Air Mozilla, defect, P2)

Description

[Peter Bengtsson [:peterbe]]

This for example:
https://errormill.mozilla.org/webtools/airmozilla-prod/group/143083/

Happens when someone searches for `"><img|src=x|onerror=prompt(1)>`

Comment 1

[Peter Bengtsson [:peterbe]]

Here's another one that breaks it: `' OR sqlspider`

Comment 2

[[github robot]]

Commit pushed to master at https://github.com/mozilla/airmozilla

https://github.com/mozilla/airmozilla/commit/7e091f9ae7bff9e28b6a0268dfbb5cf9f0e1a36d
fixes bug 937165 - Searches that break ts_query give DatabaseErrors on search

Comment 4

[Peter Bengtsson [:peterbe]]

This isn't handled correctly::

  1" onmouseover=prompt(931357) bad="

Comment 5

[Peter Bengtsson [:peterbe]]

Better paste hopefully: /search/?q=1"+onmouseover%3Dprompt(931357)+bad%3D"

Comment 6

[[github robot]]

Commit pushed to master at https://github.com/mozilla/airmozilla

https://github.com/mozilla/airmozilla/commit/3b252fcdf1a006594587cd1458336c7766124c12
fixes bug 937165 - Searches that break ts_query give DatabaseErrors on search