[rt-users] Search Query Builder Issues (Space Encoding?)

[Richard Stevens]

Thanks Landon,

That was essentially the issue.

On investigation I found some apparent input validation / sanitization in
the RT search function (/opt/rt4/share/html/Search/Build.html) that was not
present in the RTIR search functionality that was wrapping custom fields
with a ' before passing them to the RT query builder.

        if ($keyword =~ s/(['\\])/\\$1/g or $keyword =~ /[^{}\w\.]/) {
            $keyword = "'$keyword'";
        }

Patched it into the corresponding RTIR page (ProcessQuery) at the same
point in the logic flow, and now the RTIR search works like a charm.

Rich

On Thu, Mar 19, 2015 at 4:25 PM, Landon Stewart <lstewart at iweb.com> wrote:

> On Mar 19, 2015, at 8:20 AM, Richard Stevens <piratefrog at gmail.com> wrote:
> > ...
> > The end result is:
> >
> > [25773] [Thu Mar 19 14:56:10 2015] [error]: Wrong query, expecting a
> OPERATOR in 'Queue = 'Incident Reports' AND CF.{Affected >Users}<--here
> LIKE 'frog'' at /opt/rt4/sbin/../lib/RT/SQL.pm line 130.
> >
> > Has anyone observed this type of behaviour?
>
> Hi Richard,
>
> I had this problem just the other day actually.  You must enclose CF.{...}
> in single quotes when ... has a space in it.
>
> Instead of:  CF.{Affected Users}
> Do this: 'CF.{Affected Users}'
>
> Also to see what you are looking at in plain text you can visit the full
> URL and then change RTIR/Search/Results.html to /Search/Build.html and then
> click "Advanced" on the top right.  The "Query" box will give you the plain
> text of the search you are performing for any given URL.
>
> Landon Stewart : lstewart at iweb.com
> Lead Specialist, Abuse and Security Management
> Spécialiste principal, gestion des abus et sécurité
> http://iweb.com : +1 (888) 909-4932
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20150326/77c5a652/attachment.htm>