Searching/querying does not work if magic quotes enabled #49

Closed
asabhaney opened this Issue Oct 27, 2012 · 21 comments

Comments

Projects
None yet
4 participants
@asabhaney

Awesome app, very happy using it so far.

For some reason, I'm not able to run queries properly from the search field. The query is sent in the headers to the server, but the response just includes all documents in the collection.

For example, I have a users collection, and a specific document containing the attribute "firstName" with the value "Ajay". Searching { firstName: "Ajay" } returns all documents in the users collection.

What makes this issue even weirder is that if I simply type in a document id in the search field and hit the search button, that correctly returns the specified document.

I am running the current version of Genghis (2.1.2) on MAMP (PHP 5.3.6).

@bobthecow

This comment has been minimized.

Show comment
Hide comment
@bobthecow

bobthecow Oct 27, 2012

Owner

That is strange. Search is working great at my end...

If you use an explicit ID search, rather than the implicit one you get by typing in the document ID, does it return the correct document?

{_id: ObjectId('...')}
Owner

bobthecow commented Oct 27, 2012

That is strange. Search is working great at my end...

If you use an explicit ID search, rather than the implicit one you get by typing in the document ID, does it return the correct document?

{_id: ObjectId('...')}
@asabhaney

This comment has been minimized.

Show comment
Hide comment
@asabhaney

asabhaney Oct 27, 2012

No, oddly enough, explicitly searching using the document ID does not work either (it returns all documents in the collection). Only implicit searches using the document ID seem to work.

No, oddly enough, explicitly searching using the document ID does not work either (it returns all documents in the collection). Only implicit searches using the document ID seem to work.

@bobthecow

This comment has been minimized.

Show comment
Hide comment
@bobthecow

bobthecow Oct 27, 2012

Owner

Wow. That's really strange... What version of MongoDB and which PECL driver version are you running?

Owner

bobthecow commented Oct 27, 2012

Wow. That's really strange... What version of MongoDB and which PECL driver version are you running?

@bobthecow

This comment has been minimized.

Show comment
Hide comment
@bobthecow

bobthecow Oct 28, 2012

Owner

What's really strange is that it shouldn't ever return all documents in the collection. If anything, it should return no documents at all if the query doesn't work. The only think I can think is that the query is getting stripped entirely, but that doesn't make much sense.

Owner

bobthecow commented Oct 28, 2012

What's really strange is that it shouldn't ever return all documents in the collection. If anything, it should return no documents at all if the query doesn't work. The only think I can think is that the query is getting stripped entirely, but that doesn't make much sense.

@bobthecow

This comment has been minimized.

Show comment
Hide comment
@bobthecow

bobthecow Oct 28, 2012

Owner

Try doing a search with a well-formed JSON query, something like:

{"firstName": "Ajay"}
Owner

bobthecow commented Oct 28, 2012

Try doing a search with a well-formed JSON query, something like:

{"firstName": "Ajay"}
@asabhaney

This comment has been minimized.

Show comment
Hide comment
@asabhaney

asabhaney Oct 28, 2012

I'm using PEAR 1.9.4 I believe, with the Mongo PHP driver version 1.2.12. I am using an SSH tunnel to connect to my Mongo database, which resides on an external server, although I doubt that makes a difference. The version of Mongo sitting on my external server is 2.2.0.

Using proper JSON does not work either, as the query defaults to not using quotes around the attribute name(s).

I'll keep digging.

I'm using PEAR 1.9.4 I believe, with the Mongo PHP driver version 1.2.12. I am using an SSH tunnel to connect to my Mongo database, which resides on an external server, although I doubt that makes a difference. The version of Mongo sitting on my external server is 2.2.0.

Using proper JSON does not work either, as the query defaults to not using quotes around the attribute name(s).

I'll keep digging.

@asabhaney

This comment has been minimized.

Show comment
Hide comment
@asabhaney

asabhaney Oct 28, 2012

Encoding the address bar URL to use quotes around the attribute name(s) has no effect either, all documents are still returned.

For example, I tried:
[...]?q=%7B%22firstName%22%3A%22Ajay%22%7D

Encoding the address bar URL to use quotes around the attribute name(s) has no effect either, all documents are still returned.

For example, I tried:
[...]?q=%7B%22firstName%22%3A%22Ajay%22%7D

@asabhaney

This comment has been minimized.

Show comment
Hide comment
@asabhaney

asabhaney Oct 28, 2012

Poking around the code...at the top of the function findDocuments, the value of the variable $query appears to be:

{\"firstName\":\"Ajay\"}

But then, after trying to decode the query string, $query becomes an empty array. However, no Genghis_JsonException exception is thrown.

Poking around the code...at the top of the function findDocuments, the value of the variable $query appears to be:

{\"firstName\":\"Ajay\"}

But then, after trying to decode the query string, $query becomes an empty array. However, no Genghis_JsonException exception is thrown.

@pavelg

This comment has been minimized.

Show comment
Hide comment
@pavelg

pavelg Oct 31, 2012

Anybody knows how to search the by embedded or referenced document?
F.x. {document.id: someId}

console gives the error:

Uncaught Error: 1 parse error script.js:18
throwErrors script.js:18
Genghis.JSON.parse script.js:18
Genghis.JSON.normalize script.js:18
Genghis.Views.Search.Backbone.View.extend.findDocuments script.js:19
Genghis.Views.Search.Backbone.View.extend.findDocumentsAdvanced script.js:19
v.event.dispatch script.js:11
o.handle.u

pavelg commented Oct 31, 2012

Anybody knows how to search the by embedded or referenced document?
F.x. {document.id: someId}

console gives the error:

Uncaught Error: 1 parse error script.js:18
throwErrors script.js:18
Genghis.JSON.parse script.js:18
Genghis.JSON.normalize script.js:18
Genghis.Views.Search.Backbone.View.extend.findDocuments script.js:19
Genghis.Views.Search.Backbone.View.extend.findDocumentsAdvanced script.js:19
v.event.dispatch script.js:11
o.handle.u

@bobthecow

This comment has been minimized.

Show comment
Hide comment
@bobthecow

bobthecow Oct 31, 2012

Owner

You have to quote keys if they have dots in them (just like in JavaScript or the mongo cli shell):

{'document.id': 123}
Owner

bobthecow commented Oct 31, 2012

You have to quote keys if they have dots in them (just like in JavaScript or the mongo cli shell):

{'document.id': 123}
@pavelg

This comment has been minimized.

Show comment
Hide comment
@pavelg

pavelg Oct 31, 2012

That worked! thanks a ton!
embedded docs - {'document.id': 123}
referenced docs - {'document.$id': 123}

pavelg commented Oct 31, 2012

That worked! thanks a ton!
embedded docs - {'document.id': 123}
referenced docs - {'document.$id': 123}

@asabhaney

This comment has been minimized.

Show comment
Hide comment
@asabhaney

asabhaney Nov 1, 2012

Haven't had a chance to debug this (the original issue) further yet, I'll try and have another look in the next day or two

Haven't had a chance to debug this (the original issue) further yet, I'll try and have another look in the next day or two

@asabhaney

This comment has been minimized.

Show comment
Hide comment
@asabhaney

asabhaney Nov 1, 2012

Hey, had a chance to quickly have a crack at this.

So like I said before, I debugged using the query:

{ firstName : "Ajay" }

At the top of the function findDocuments, the value of the variable $query appears to be:

{\"firstName\":\"Ajay\"}

But then, after trying to decode the query string, $query becomes an empty array. No Genghis_JsonException exception is thrown.

It seems that if I pass the variable $query through the PHP function stripslashes, it works perfectly fine:

$query = stripslashes($query); 

And queries now return the appropriate document(s).

Hey, had a chance to quickly have a crack at this.

So like I said before, I debugged using the query:

{ firstName : "Ajay" }

At the top of the function findDocuments, the value of the variable $query appears to be:

{\"firstName\":\"Ajay\"}

But then, after trying to decode the query string, $query becomes an empty array. No Genghis_JsonException exception is thrown.

It seems that if I pass the variable $query through the PHP function stripslashes, it works perfectly fine:

$query = stripslashes($query); 

And queries now return the appropriate document(s).

@bobthecow

This comment has been minimized.

Show comment
Hide comment
@bobthecow

bobthecow Nov 1, 2012

Owner

Oh wow. Do you have magic quotes on?

Owner

bobthecow commented Nov 1, 2012

Oh wow. Do you have magic quotes on?

@asabhaney

This comment has been minimized.

Show comment
Hide comment
@asabhaney

asabhaney Nov 1, 2012

Gah, yeah it seems magic_quotes_gpc is on. That's really weird considering I never turned it on and also since it's deprecated as of version 5.3 I believe. Must be a MAMP thing...

Gah, yeah it seems magic_quotes_gpc is on. That's really weird considering I never turned it on and also since it's deprecated as of version 5.3 I believe. Must be a MAMP thing...

@bobthecow

This comment has been minimized.

Show comment
Hide comment
@bobthecow

bobthecow Nov 1, 2012

Owner

And if you turn it back off, it works?

I'll add one of those annoying yellow messages telling you that you need to turn it off. It's almost 2013, there's no way I'm going to add conditional stripslashes calls to Genghis :)

Owner

bobthecow commented Nov 1, 2012

And if you turn it back off, it works?

I'll add one of those annoying yellow messages telling you that you need to turn it off. It's almost 2013, there's no way I'm going to add conditional stripslashes calls to Genghis :)

@bobthecow

This comment has been minimized.

Show comment
Hide comment
@bobthecow

bobthecow Nov 1, 2012

Owner

How's this?

magic quotes deprecated notice

Think that'll get the point across? :)

Owner

bobthecow commented Nov 1, 2012

How's this?

magic quotes deprecated notice

Think that'll get the point across? :)

@crueber

This comment has been minimized.

Show comment
Hide comment
@crueber

crueber Nov 1, 2012

FTW. 👍

crueber commented Nov 1, 2012

FTW. 👍

@asabhaney

This comment has been minimized.

Show comment
Hide comment
@asabhaney

asabhaney Nov 1, 2012

Wicked.

And yeah, it works fine if I disable magic quotes.

Thanks for the discussion Justin, hopefully I didn't waste too much of your time.

Wicked.

And yeah, it works fine if I disable magic quotes.

Thanks for the discussion Justin, hopefully I didn't waste too much of your time.

@asabhaney

This comment has been minimized.

Show comment
Hide comment
@asabhaney

asabhaney Nov 1, 2012

I've updated the thread title to be more accurate

I've updated the thread title to be more accurate

@bobthecow bobthecow closed this in f0dbb03 Nov 1, 2012

@bobthecow

This comment has been minimized.

Show comment
Hide comment
@bobthecow

bobthecow Nov 1, 2012

Owner

@asabhaney Thanks for your help. Once v2.1.4 is out I (hopefully) won't ever run into this problem again, so it was worthwhile :)

Owner

bobthecow commented Nov 1, 2012

@asabhaney Thanks for your help. Once v2.1.4 is out I (hopefully) won't ever run into this problem again, so it was worthwhile :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment