MantisBT - TestLink
View Issue Details
0008019TestLinkUsabilitypublic2017-07-12 21:002017-09-22 05:37
Mr.Bricodage 
 
normalminoralways
newopen 
1.9.16 (2016 Q4) 
 
MySQL
Firefox
5.4.45
0008019: GITHUB version : Full Text Search from NavBar provides an error
When using "Full Text Search", TestLink display a search form during few seconds then display an error.
The search form is provided as attachment
1) use full text search in navbar with any text content (one or several words)
 => an error is displayed
Error displayed :

 ==============================================================================

 DB Access Error - debug_print_backtrace() OUTPUT START

 ATTENTION: Enabling more debug info will produce path disclosure weakness (CWE-200)

            Having this additional Information could be useful for reporting

            issue to development TEAM.

 ==============================================================================

#0 database->exec_query( SELECT NH_TS.name, TS.id, TS.details FROM nodes_hierarchy NH_TS JOIN testsuites TS ON TS.id = NH_TS.id WHERE TS.id IN (508) AND ( 1=0 OR ( 1=0 or UDFStripHTMLTags(TS.details) LIKE '%content%' ) OR ( 1=0 or NH_TS.name LIKE '%content%' )), -1) called at [D:\Mr.B\GitHub\testlink-code\lib\functions\database.class.php:647]
#1 database->fetchRowsIntoMap( SELECT NH_TS.name, TS.id, TS.details FROM nodes_hierarchy NH_TS JOIN testsuites TS ON TS.id = NH_TS.id WHERE TS.id IN (508) AND ( 1=0 OR ( 1=0 or UDFStripHTMLTags(TS.details) LIKE '%content%' ) OR ( 1=0 or NH_TS.name LIKE '%content%' )), id) called at [D:\Mr.B\GitHub\testlink-code\lib\search\searchCommands.class.php:814]
0000002 searchCommands->searchTestSuites(Array ([0] => content), 1) called at [D:\Mr.B\GitHub\testlink-code\lib\search\search.php:107]
No tags attached.
png SearchForm.png (107,831) 2017-07-12 21:03
http://mantis.testlink.org/file_download.php?file_id=4769&type=bug
png
Issue History
2017-07-12 21:00Mr.BricodageNew Issue
2017-07-12 21:03Mr.BricodageFile Added: SearchForm.png
2017-07-13 09:48hughkayNote Added: 0026600
2017-07-13 13:23fmanNote Added: 0026604
2017-07-21 12:43hughkayNote Added: 0026632
2017-09-21 20:22Mr.BricodageNote Added: 0026866
2017-09-22 05:37hughkayNote Added: 0026867

Notes
(0026600)
hughkay   
2017-07-13 09:48   
It seems that SQL Function "UDFStripHTMLTags" is not defined yet.
Solution proposal:
Add the following lines at the end of files "install/sql/mysql/testlink_create_tables.sql", "install/sql/mssql/testlink_create_tables.sql" and "install/sql/postgres/testlink_create_tables.sql":


DROP FUNCTION IF EXISTS UDFStripHTMLTags;
DELIMITER |
CREATE FUNCTION UDFStripHTMLTags( Dirty varchar(4000) )
RETURNS varchar(4000)
DETERMINISTIC
BEGIN
  DECLARE iStart, iEnd, iLength int;
    WHILE Locate( '<', Dirty ) > 0 And Locate( '>', Dirty, Locate( '<', Dirty )) > 0 DO
      BEGIN
        SET iStart = Locate( '<', Dirty ), iEnd = Locate( '>', Dirty, Locate('<', Dirty ));
        SET iLength = ( iEnd - iStart) + 1;
        IF iLength > 0 THEN
          BEGIN
            SET Dirty = Insert( Dirty, iStart, iLength, '');
          END;
        END IF;
      END;
    END WHILE;
  RETURN Dirty;
END;
|
DELIMITER ;




Furthermore edit the following lines in file "install/installUtils.php" to have the following content:
- line 191: 'Creates a user/passwd with the following GRANTS: SELECT, UPDATE, DELETE, INSERT, EXECUTE'
- line 459: '$stmt = "GRANT SELECT, UPDATE, DELETE, INSERT, EXECUTE ON " . '
- line 493: '$stmt = "GRANT SELECT, UPDATE, DELETE, INSERT, EXECUTE ON " . '
(0026604)
fman   
2017-07-13 13:23   
Thanks I'm going to try
(0026632)
hughkay   
2017-07-21 12:43   
Note: optionally the "varchar(4000)" of my function proposal above can be replaced by "LONGTEXT" if entries in DB contain long strings.
(0026866)
Mr.Bricodage   
2017-09-21 20:22   
FYI, problem still occurs on last dev version
(0026867)
hughkay   
2017-09-22 05:37   
@fman: Are you gonna implement my proposal? At least for me it works fine.