[Rt-commit] rt branch, 4.4/tickets-invalid-query, created. rt-4.4.2-85-gafa3b3e63

sunnavy sunnavy at bestpractical.com
Thu Mar 1 09:50:02 EST 2018


The branch, 4.4/tickets-invalid-query has been created
        at  afa3b3e6301c9291c211e48110aad18bc40a24da (commit)

- Log -----------------------------------------------------------------
commit afa3b3e6301c9291c211e48110aad18bc40a24da
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Thu Mar 1 21:37:32 2018 +0800

    fix the issue that invalid queries to FromSQL could pass validation
    
    An invalid query like:
    
        Status = 'open' and LastUpdated < yesterday
    
    could pass validation and be wrongly parsed as:
    
        SELECT main.* FROM Tickets main WHERE (main.IsMerged IS NULL) AND (main.Type = 'ticket') AND (main.Status = 'open')
    
    Since b68c84f0 (Switch to parsing into a parse tree as an IR),
    RT::Tickets::_parser uses RT::Interface::Web::QueryBuilder::Tree to
    validate and parse queries, which doesn't "die" but returns errors if
    there are any found.
    
    _parser should directly "die" if errors are found in ::Tree->ParseSQL,
    especially as RT::Tickets::FromSQL relies on this "die" behavior to
    determine if the query is valid or not.

diff --git a/lib/RT/Tickets.pm b/lib/RT/Tickets.pm
index 73bf7f563..5d1570a80 100644
--- a/lib/RT/Tickets.pm
+++ b/lib/RT/Tickets.pm
@@ -3029,10 +3029,11 @@ sub _parser {
 
     require RT::Interface::Web::QueryBuilder::Tree;
     my $tree = RT::Interface::Web::QueryBuilder::Tree->new;
-    $tree->ParseSQL(
+    my @results = $tree->ParseSQL(
         Query => $string,
         CurrentUser => $self->CurrentUser,
     );
+    die join "; ", map { ref $_ eq 'ARRAY' ? $_->[ 0 ] : $_ } @results if @results;
 
     state ( $active_status_node, $inactive_status_node );
 
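Review bot: The added `die join "; ", map { ref $_ eq 'ARRAY' ? $_->[ 0 ] : $_ } @results if @results;` line assumes each element of `@results` is either an array reference whose first element is the message or a plain string, but nothing in the hunk documents that shape; a one-line comment stating what `ParseSQL` returns would make the `$_->[ 0 ]` access easier to maintain. The joined message has no trailing newline, so Perl appends the file and line number of `_parser` to it; if callers of FromSQL display this text to users, end the message with "\n". The diff touches only lib/RT/Tickets.pm, so a regression test that passes the commit message's example query (`Status = 'open' and LastUpdated < yesterday`) to FromSQL and asserts it is rejected would guard against the unparsed condition being silently dropped again.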

-----------------------------------------------------------------------

