Closed Bug 997281 Opened 8 years ago Closed 8 years ago
Search operators can short-circuit each other depending on which ones are tested first
When testing votes<=2 in the QuickSearch field, I get random results on each call:

1) most of the time, I get: There is a problem with your search: votes< is not a valid field name.
2) sometimes, I get: Votes: (is less than) =2
3) sometimes, I get: Votes: (is less than or equal to) 2

3) is the expected behavior. 1) and 2) indicate bad parsing.

The reason for this random behavior is that Perl 5.18 introduced real randomization when playing with hashes, see http://search.cpan.org/~rjbs/perl-5.18.0/pod/perldelta.pod#Hash_randomization

"Hash randomization
The seed used by Perl's hash function is now random. This means that the order which keys/values will be returned from functions like keys(), values(), and each() will differ from run to run. This change was introduced to make Perl's hashes more robust to algorithmic complexity attacks, and also because we discovered that it exposes hash ordering dependency bugs and makes them easier to track down."

In Bugzilla::Search::Quicksearch::_handle_field_names(), testing the <, > or = operators before <=, >= or != short-circuits the latter, making Bugzilla incorrectly parse strings and report them as invalid fields (or values). To work around this problem, longer operators should be tested first.
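The ordering dependency described in the report above, as an added example that is not part of the original report and not Bugzilla's own code: the operator table, `parse_term()` and `show()` are hypothetical names, and the splitting logic is a simplified stand-in for the real parser. The three fixed orders stand in for what `keys()` may return on different runs and reproduce the three outcomes listed in the report.

```perl
use strict;
use warnings;

# Hypothetical operator table for illustration (descriptions follow the
# wording quoted in the report; this is not Bugzilla's data structure).
my %OPERATORS = (
    '<'  => 'is less than',             '<=' => 'is less than or equal to',
    '>'  => 'is greater than',          '>=' => 'is greater than or equal to',
    '='  => 'is equal to',              '!=' => 'is not equal to',
);

# Split "field<op>value" on the first operator in @order found in $term.
# Whichever operator is tested first wins, so the result depends on @order.
sub parse_term {
    my ($term, @order) = @_;
    foreach my $op (@order) {
        my $pos = index($term, $op);
        next if $pos < 0;
        return (substr($term, 0, $pos), $OPERATORS{$op},
                substr($term, $pos + length($op)));
    }
    return;
}

# Parse the search term from the report and print how it was split.
sub show {
    my ($label, @order) = @_;
    my ($field, $desc, $value) = parse_term('votes<=2', @order);
    printf "%-20s field=%-9s op=(%s) value=%s\n",
        $label, "'$field'", $desc, "'$value'";
}

# Fixed orders: each one is a possible result of an unsorted keys() call.
show('"=" tested first:',  '=',  '<', '<=', '>', '>=', '!=');  # field 'votes<'
show('"<" tested first:',  '<',  '=', '<=', '>', '>=', '!=');  # value '=2'
show('"<=" tested first:', '<=', '<', '=',  '>', '>=', '!=');  # expected split

# Unsorted keys(): on Perl >= 5.18 this line can differ from run to run.
show('keys() unsorted:', keys %OPERATORS);

# Longest operators first (ties broken alphabetically): a two-character
# operator is always tried before the one-character operators it contains,
# so the result no longer depends on hash order.
show('longest first:',
     sort { length($b) <=> length($a) || $a cmp $b } keys %OPERATORS);
```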
Assignee: query-and-buglist → LpSolit
Status: NEW → ASSIGNED
Attachment #8407643 - Flags: review?(justdave)
Attachment #8407643 - Flags: review?(justdave) → review+
To ssh://email@example.com/bugzilla/bugzilla.git 060fa90..23bad39 master -> master
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED