[ORM] Error: Uncaught SS_DatabaseException on specific search string #1452

Closed
eolant opened this issue Apr 12, 2016 · 5 comments
@eolant

eolant commented Apr 12, 2016

SS 3.2.0-3.3.1 - standard installation through composer.
Search is enabled using `FulltextSearchable::enable();`
If the search string ends with `>`, e.g. `hello>`, SS throws an error:

```
[User Error] Uncaught SS_DatabaseException: Couldn't run query: SELECT DISTINCT count(*) FROM "SiteTree_Live" WHERE ( MATCH (Title, MenuTitle, Content, MetaDescription) AGAINST ('hello>*' IN BOOLEAN MODE) + MATCH (Title, MenuTitle, Content, MetaDescription) AGAINST ('hello>*' IN BOOLEAN MODE) AND ShowInSearch 0) syntax error, unexpected $end, expecting FTS_TERM or FTS_NUMB or '*'
GET /home/SearchForm?Search=hello%3E&action_results=L
Line 55 in /Users/vitaly/www/sstest/framework/model/connect/DBConnector.php
```

@kinglozzer
Member

Similar issue to silverstripe/silverstripe-framework#3212 perhaps?

@tractorcow
Contributor

Yes, similar issue, but new proof of concept. :D

@sminnee
Member

sminnee commented Oct 8, 2018

@sminnee sminnee changed the title Error: Uncaught SS_DatabaseException on specific search string [ORM] Error: Uncaught SS_DatabaseException on specific search string Oct 8, 2018
sminnee pushed a commit to sminnee/silverstripe-cms that referenced this issue Nov 9, 2018
These 2 tests validate that the following bugs have been fixed.

silverstripe/silverstripe-framework#3212
silverstripe#1452
@sminnee
Member

sminnee commented Nov 9, 2018

I've added a test for this to 4.x-dev and it appears to be fixed; can we confirm that? #2320

@maxime-rainville
Contributor

#2320 addressed the issue for SS4.

Unfortunately, SilverStripe 3 entered limited support in June 2018. This means we'll only be fixing critical bugs and security issues for SilverStripe 3 going forward.

You can read the SilverStripe Roadmap for more information on our support commitments.

chillu added a commit to open-sausages/silverstripe-cms that referenced this issue Apr 8, 2020
Required to allow InnoDB usage, see silverstripe/silverstripe-framework#9454.

This came up in silverstripe#1452, and wasn't fully addressed.
Either we allow boolean mode and all the constraints this brings around special character usage,
or we filter out those special characters, which makes boolean mode pointless.
You can't just pass arbitrary user input in a power-user function like this.
See https://dev.mysql.com/doc/refman/5.6/en/fulltext-boolean.html

Context: This used to work for some examples like "foo>*" under MyISAM,
presumably because it had a more lenient parser. InnoDB rightfully complains about this now.
chillu added a commit to open-sausages/silverstripe-framework that referenced this issue Apr 8, 2020
This came up in silverstripe/silverstripe-cms#1452, and wasn't fully addressed.
Either we allow boolean mode and all the constraints this brings around special character usage,
or we filter out those special characters, which makes boolean mode pointless.
You can't just pass arbitrary user input in a power-user function like this.
See https://dev.mysql.com/doc/refman/5.6/en/fulltext-boolean.html

Context: This used to work for some examples like "foo>*" under MyISAM,
presumably because it had a more lenient parser. InnoDB rightfully complains about this now.
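
The second option named in the commit messages above (filtering out the boolean-mode special characters before the application appends `*`), shown as an added example; it is not SilverStripe's code and is not taken from the referenced commits. `FTS_BOOLEAN_OPERATORS` and `buildBooleanPrefixQuery` are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example: hypothetical helper, not part of SilverStripe.

// Characters the MySQL boolean-mode full-text parser treats as operators
// (see the fulltext-boolean manual page linked in the commit message).
const FTS_BOOLEAN_OPERATORS = '+-><()~*"@';

/**
 * Turn raw user input into a boolean-mode expression made only of
 * prefix-wildcard terms. Returns null when nothing searchable remains,
 * so the caller can skip the MATCH ... AGAINST query entirely.
 */
function buildBooleanPrefixQuery(string $input): ?string
{
    // Replace each operator with a space, so "hello>" becomes "hello "
    // and the appended "*" can no longer follow a dangling ">".
    $clean = str_replace(str_split(FTS_BOOLEAN_OPERATORS), ' ', $input);

    // Split on whitespace and drop empty pieces. preg_split() returns
    // false on invalid UTF-8, which is treated as "no terms".
    $terms = preg_split('/\s+/u', $clean, -1, PREG_SPLIT_NO_EMPTY);
    if (!$terms) {
        return null;
    }

    // The application, not the user, decides which operators are present:
    // here only the trailing prefix wildcard on each term.
    return implode(' ', array_map(fn(string $t): string => $t . '*', $terms));
}

// Constructed sample inputs, including the one from this issue.
foreach (['hello>', '+foo -bar', '"quoted phrase"', '>>>'] as $raw) {
    $expr = buildBooleanPrefixQuery($raw);
    printf("%-18s => %s\n", $raw, $expr ?? '(no query issued)');
}

// The returned expression is still data: pass it to the database as a
// bound parameter, e.g. MATCH (...) AGAINST (? IN BOOLEAN MODE),
// rather than concatenating it into the SQL string.
```

As the commit message points out, this trades away user-supplied boolean operators: every operator the user types is discarded, and only the wildcard added by the application survives.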