[Rt-commit] rt branch, 4.4/tickets-invalid-query, created. rt-4.4.2-85-gafa3b3e63
? sunnavy
sunnavy at bestpractical.com
Thu Mar 1 09:50:02 EST 2018
The branch, 4.4/tickets-invalid-query has been created
at afa3b3e6301c9291c211e48110aad18bc40a24da (commit)
- Log -----------------------------------------------------------------
commit afa3b3e6301c9291c211e48110aad18bc40a24da
Author: sunnavy <sunnavy at bestpractical.com>
Date: Thu Mar 1 21:37:32 2018 +0800
fix the issue that invalid queries to FromSQL could pass validation
An invalid query like:
Status = 'open' and LastUpdated < yesterday
could pass validation and be wrongly parsed as:
SELECT main.* FROM Tickets main WHERE (main.IsMerged IS NULL) AND (main.Type = 'ticket') AND (main.Status = 'open')
Since b68c84f0(Switch to parsing into a parse tree as an IR),
RT::Tickets::_parser uses RT::Interface::Web::QueryBuilder::Tree to
validate and parse queries, which doesn't "die" but returns errors if
there are any found.
_parser should directly "die" if errors are found in ::Tree->ParseSQL,
especially that RT::Tickets::FromSQL relies on this "die" behavior to
determine if the query is valid or not.
diff --git a/lib/RT/Tickets.pm b/lib/RT/Tickets.pm
index 73bf7f563..5d1570a80 100644
--- a/lib/RT/Tickets.pm
+++ b/lib/RT/Tickets.pm
@@ -3029,10 +3029,11 @@ sub _parser {
require RT::Interface::Web::QueryBuilder::Tree;
my $tree = RT::Interface::Web::QueryBuilder::Tree->new;
- $tree->ParseSQL(
+ my @results = $tree->ParseSQL(
Query => $string,
CurrentUser => $self->CurrentUser,
);
+ die join "; ", map { ref $_ eq 'ARRAY' ? $_->[ 0 ] : $_ } @results if @results;
state ( $active_status_node, $inactive_status_node );
-----------------------------------------------------------------------
More information about the rt-commit
mailing list