Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008019TestLinkUsabilitypublic2017-07-12 21:002017-09-21 20:22
ReporterMr.Bricodage 
Assigned To 
PrioritynormalSeverityminorReproducibilityalways
StatusnewResolutionopen 
PlatformOSOS Version
Product Version1.9.16 (2016 Q4) 
Fixed in Version 
Summary0008019: GITHUB version : Full Text Search from NavBar provides an error
DescriptionWhen using "Full Text Search", TestLink display a search form during few seconds then display an error.
The search form is provided as attachment
Steps To Reproduce1) use full text search in navbar with any text content (one or several words)
 => an error is displayed
Additional InformationError displayed :

 ==============================================================================

 DB Access Error - debug_print_backtrace() OUTPUT START

 ATTENTION: Enabling more debug info will produce path disclosure weakness (CWE-200)

            Having this additional Information could be useful for reporting

            issue to development TEAM.

 ==============================================================================

#0 database->exec_query( SELECT NH_TS.name, TS.id, TS.details FROM nodes_hierarchy NH_TS JOIN testsuites TS ON TS.id = NH_TS.id WHERE TS.id IN (508) AND ( 1=0 OR ( 1=0 or UDFStripHTMLTags(TS.details) LIKE '%content%' ) OR ( 1=0 or NH_TS.name LIKE '%content%' )), -1) called at [D:\Mr.B\GitHub\testlink-code\lib\functions\database.class.php:647]
#1 database->fetchRowsIntoMap( SELECT NH_TS.name, TS.id, TS.details FROM nodes_hierarchy NH_TS JOIN testsuites TS ON TS.id = NH_TS.id WHERE TS.id IN (508) AND ( 1=0 OR ( 1=0 or UDFStripHTMLTags(TS.details) LIKE '%content%' ) OR ( 1=0 or NH_TS.name LIKE '%content%' )), id) called at [D:\Mr.B\GitHub\testlink-code\lib\search\searchCommands.class.php:814]
0000002 searchCommands->searchTestSuites(Array ([0] => content), 1) called at [D:\Mr.B\GitHub\testlink-code\lib\search\search.php:107]
TagsNo tags attached.
Database (MySQL,Postgres,etc)MySQL
BrowserFirefox
PHP Version5.4.45
TestCaseID
QA Team - Task Workflow Status
Attached Filespng file icon SearchForm.png [^] (107,831 bytes) 2017-07-12 21:03

- Relationships

-  Notes
(0026600)
hughkay (reporter)
2017-07-13 09:48

It seems that SQL Function "UDFStripHTMLTags" is not defined yet.
Solution proposal:
Add the following lines at the end of files "install/sql/mysql/testlink_create_tables.sql", "install/sql/mssql/testlink_create_tables.sql" and "install/sql/postgres/testlink_create_tables.sql":


DROP FUNCTION IF EXISTS UDFStripHTMLTags;
DELIMITER |
CREATE FUNCTION UDFStripHTMLTags( Dirty varchar(4000) )
RETURNS varchar(4000)
DETERMINISTIC
BEGIN
  DECLARE iStart, iEnd, iLength int;
    WHILE Locate( '<', Dirty ) > 0 And Locate( '>', Dirty, Locate( '<', Dirty )) > 0 DO
      BEGIN
        SET iStart = Locate( '<', Dirty ), iEnd = Locate( '>', Dirty, Locate('<', Dirty ));
        SET iLength = ( iEnd - iStart) + 1;
        IF iLength > 0 THEN
          BEGIN
            SET Dirty = Insert( Dirty, iStart, iLength, '');
          END;
        END IF;
      END;
    END WHILE;
  RETURN Dirty;
END;
|
DELIMITER ;




Furthermore edit the following lines in file "install/installUtils.php" to have the following content:
- line 191: 'Creates a user/passwd with the following GRANTS: SELECT, UPDATE, DELETE, INSERT, EXECUTE'
- line 459: '$stmt = "GRANT SELECT, UPDATE, DELETE, INSERT, EXECUTE ON " . '
- line 493: '$stmt = "GRANT SELECT, UPDATE, DELETE, INSERT, EXECUTE ON " . '
(0026604)
fman (administrator)
2017-07-13 13:23

Thanks I'm going to try
(0026632)
hughkay (reporter)
2017-07-21 12:43

Note: optionally the "varchar(4000)" of my function proposal above can be replaced by "LONGTEXT" if entries in DB contain long strings.
(0026866)
Mr.Bricodage (updater)
2017-09-21 20:22

FYI, problem still occurs on last dev version

- Issue History
Date Modified Username Field Change
2017-07-12 21:00 Mr.Bricodage New Issue
2017-07-12 21:03 Mr.Bricodage File Added: SearchForm.png
2017-07-13 09:48 hughkay Note Added: 0026600
2017-07-13 13:23 fman Note Added: 0026604
2017-07-21 12:43 hughkay Note Added: 0026632
2017-09-21 20:22 Mr.Bricodage Note Added: 0026866



Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker