Project

General

Profile

Actions

Bug #27760

closed

Quoting issues with search words

Added by Anonymous over 13 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Must have
Category:
Indexed Search
Target version:
Start date:
2011-06-29
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

While using indexed search with dbal and a MSSQL database, you get several exceptions when you have simple quotes ( ' ) in a search phrase (which might really often happen, when french speaking users search something).

I would fix it by modified the search query in a way, that the query string isn't between simple quotes but double quotes (I'm not aware of any performance issues in SQL when using simple or double quotes, so this should not make any difference). Additionally the search word should should be passed with addslashes, since adodb quoting doesn't (at least in the mssql driver as far as I have seen).

So, tx_indexedsearch::getPhashList should be adapted like this:

switch ($theType)     {
    ...
        case '20':    // Sentence
        $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
            'ISEC.phash',
            'index_section ISEC, index_fulltext IFT',
            'IFT.fulltextdata LIKE "%'.$GLOBALS['TYPO3_DB']->quoteStr(addslashes($sWord), 'index_fulltext').'%" AND
            ISEC.phash = IFT.phash
            '.$this->sectionTableWhere(),
            'ISEC.phash'
        );
    ...
Actions #1

Updated by Oliver Hader over 11 years ago

  • Target version set to 2222
Actions #2

Updated by Oliver Hader over 11 years ago

  • Project changed from 1382 to TYPO3 Core
Actions #3

Updated by Oliver Hader over 11 years ago

  • Category set to Indexed Search
Actions #4

Updated by Oliver Hader over 11 years ago

  • Target version deleted (2222)
Actions #5

Updated by Mathias Schreiber almost 10 years ago

  • Target version set to 7.5
  • TYPO3 Version set to 4.5
  • Is Regression set to No
Actions #6

Updated by Tizian Schmidlin almost 10 years ago

Sorry for my juvenile boldness.

Double quotes will not work since MSSQL uses this for field definition, so SELECT * FROM tt_content WHERE title like '%test%' is absolutely not the same as SELECT * FROM tt_content WHERE title like "%test%", worse, it will break the query.

Instead, for dbal with MSSQL, you would need to replace all simple quotes in the string with triple quotes (which is much easier I think) and this can still be implemented in quoteStr.

Greetings
Tizian

Actions #7

Updated by Morton Jonuschat over 9 years ago

  • Assignee set to Morton Jonuschat
Actions #8

Updated by Gerrit Code Review over 9 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42803

Actions #9

Updated by Gerrit Code Review over 9 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42803

Actions #10

Updated by Morton Jonuschat over 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #11

Updated by Gerrit Code Review over 9 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43148

Actions #12

Updated by Morton Jonuschat over 9 years ago

  • Status changed from Under Review to Resolved
Actions #13

Updated by Riccardo De Contardi about 7 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF