Re: [rt-users] Search Query Builder Issues (Space Encoding?)
Thanks Landon, That was essentially the issue. On investigation I found some apparent input validation / sanitization in the RT search function (/opt/rt4/share/html/Search/Build.html) that was not present in the RTIR search functionality that was wrapping custom fields with a ' before passing them to the RT query builder. if ($keyword =~ s/(['\\])/\\$1/g or $keyword =~ /[^{}\w\.]/) { $keyword = '$keyword'; } Patched it into the corresponding RTIR page (ProcessQuery) at the same point in the logic flow, and now the RTIR search works like a charm. Rich On Thu, Mar 19, 2015 at 4:25 PM, Landon Stewart lstew...@iweb.com wrote: On Mar 19, 2015, at 8:20 AM, Richard Stevens piratef...@gmail.com wrote: ... The end result is: [25773] [Thu Mar 19 14:56:10 2015] [error]: Wrong query, expecting a OPERATOR in 'Queue = 'Incident Reports' AND CF.{Affected Users}--here LIKE 'frog'' at /opt/rt4/sbin/../lib/RT/SQL.pm line 130. Has anyone observed this type of behaviour? Hi Richard, I had this problem just the other day actually. You must enclose CF.{...} in single quotes when ... has a space in it. Instead of: CF.{Affected Users} Do this: 'CF.{Affected Users}' Also to see what you are looking at in plain text you can visit the full URL and then change RTIR/Search/Results.html to /Search/Build.html and then click Advanced on the top right. The Query box will give you the plain text of the search you are performing for any given URL. Landon Stewart : lstew...@iweb.com Lead Specialist, Abuse and Security Management Spécialiste principal, gestion des abus et sécurité http://iweb.com : +1 (888) 909-4932
Re: [rt-users] Search Query Builder Issues (Space Encoding?)
Thanks Alex, I had thought it was intermittent, but after some more troubleshooting it appears that the intermittent is the switch in context between the RT (works) and RTIR (does not) search pages (if searches are started from Search--Tickets--New Search) when it identifies the search against an RTIR queue. The issue happens consistently if I use RTIR--Search--New Search. If I intercept the RTIR search request and append a Queue=Incident+Reports to the form submission it does change the behaviour so after adding the entry you can search (with no results), and Edit Search returns the original error: [image: Inline image 2] You were spot on on the encoding - same behaviour on the page regardless of how the spaces are communicated (Confirmed it doesn't happen for custom fields without spaces in the name). Thanks, Rich On Thu, Mar 19, 2015 at 1:25 PM, Alex Vandiver ale...@bestpractical.com wrote: On Thu, 19 Mar 2015 11:20:51 -0400 Richard Stevens piratef...@gmail.com wrote: Hello, We recently upgrades to RT 4.2.10 / RT-IR-3.2.0 and I'm seeing intermittent issues on search commands involving custom fields with spaces: [snip] The spaces are a red herring. The actual difference is that the working one includes Queue=Incident+Reports. Where is the latter query being generated from? - Alex
[rt-users] Search Query Builder Issues (Space Encoding?)
Hello, We recently upgrades to RT 4.2.10 / RT-IR-3.2.0 and I'm seeing intermittent issues on search commands involving custom fields with spaces: RTIR/Search/Results.html?Format=%27%3Cb%3E%3Ca+href%3D%22__WebPath__%2FTicket%2FDisplay.html%3Fid%3D__id__%22%3E__id__%3C%2Fa%3E%3C%2Fb%3E%2FTITLE%3A%23%27%2C%0A%27%3Cb%3E%3Ca+href%3D%22__WebPath__%2FTicket%2FDisplay.html%3Fid%3D__id__%22%3E__Subject__%3C%2Fa%3E%3C%2Fb%3E%2FTITLE%3ASubject%27%2C%0AStatus%2C%0AQueueName%2C%0AOwner%2C%0APriority%2C%0A%27__NEWLINE__%27%2C%0A%27__NBSP__%27%2C%0A%27%3Csmall%3E__Requestors__%3C%2Fsmall%3E%27%2C%0A%27%3Csmall%3E__CreatedRelative__%3C%2Fsmall%3E%27%2C%0A%27%3Csmall%3E__ToldRelative__%3C%2Fsmall%3E%27%2C%0A%27%3Csmall%3E__LastUpdatedRelative__%3C%2Fsmall%3E%27%2C%0A%27%3Csmall%3E__TimeLeft__%3C%2Fsmall%3E%27Order=ASC%7CASC%7CASC%7CASCOrderBy=id%7C%7C%7CQuery=Queue+%3D+%27Incident+Reports%27+AND+%27CF.%7BAffected+Users%7D%27+LIKE+%27frog%27Queue=Incident+ReportsRowsPerPage=50 Works, /RTIR/Search/Results.html?Format=%27%3Cb%3E%3Ca%20href%3D%22__WebPath__%2FTicket%2FDisplay.html%3Fid%3D__id__%22%3E__id__%3C%2Fa%3E%3C%2Fb%3E%2FTITLE%3A%23%27%2C%0A%27%3Cb%3E%3Ca%20href%3D%22__WebPath__%2FTicket%2FDisplay.html%3Fid%3D__id__%22%3E__Subject__%3C%2Fa%3E%3C%2Fb%3E%2FTITLE%3ASubject%27%2C%0AStatus%2C%0AQueueName%2C%0AOwner%2C%0APriority%2C%0A%27__NEWLINE__%27%2C%0A%27__NBSP__%27%2C%0A%27%3Csmall%3E__Requestors__%3C%2Fsmall%3E%27%2C%0A%27%3Csmall%3E__CreatedRelative__%3C%2Fsmall%3E%27%2C%0A%27%3Csmall%3E__ToldRelative__%3C%2Fsmall%3E%27%2C%0A%27%3Csmall%3E__LastUpdatedRelative__%3C%2Fsmall%3E%27%2C%0A%27%3Csmall%3E__TimeLeft__%3C%2Fsmall%3E%27Order=ASC%7CASC%7CASC%7CASCOrderBy=id%7C%7C%7CQuery=Queue%20%3D%20%27Incident%20Reports%27%20AND%20CF.%7BAffected%20Users%7D%20LIKE%20%27frog%27RowsPerPage=50 Does not (Both are generated by the search query builder at different times - I'm unsure whats causing the different form encodings, same behaviour in multiple browsers) - the only apparent distinction is the space URL encoding of %20 (doesn't work) vs the HTTP + (works). The end result is: [25773] [Thu Mar 19 14:56:10 2015] [error]: Wrong query, expecting a OPERATOR in 'Queue = 'Incident Reports' AND CF.{Affected Users}--here LIKE 'frog'' at /opt/rt4/sbin/../lib/RT/SQL.pm line 130. Has anyone observed this type of behaviour? Rich