etianen / django-watson

Full-text multi-table search application for Django. Easy to install and use, with good performance.
BSD 3-Clause "New" or "Revised" License

Syntax error in tsquery #219

Closed alorence closed 6 years ago

alorence commented 6 years ago

Hi,

In a project using django-watson (1.4.2) and Django 1.11.5 with Postgres 9.6.1, a user searched for a contact by email copied from his desktop client. Basically, he pasted this term in the search field of the website:

John Doe <john@provider.com>

This caused an exception when the corresponding request was executed. I was able to reproduce the issue with a very simple unit test (py.test):

import pytest
from watson import search as watson

@pytest.mark.django_db
def test_x():
    assert watson.search('John Doe <john@provider.com>')

and got this error:

C:\project_venv\lib\site-packages\django\db\models\query.py:254: in __bool__
    self._fetch_all()
C:\project_venv\lib\site-packages\django\db\models\query.py:1118: in _fetch_all
    self._result_cache = list(self._iterable_class(self))
C:\project_venv\lib\site-packages\django\db\models\query.py:53: in __iter__
    results = compiler.execute_sql(chunked_fetch=self.chunked_fetch)
C:\project_venv\lib\site-packages\django\db\models\sql\compiler.py:894: in execute_sql
    raise original_exception
C:\project_venv\lib\site-packages\django\db\models\sql\compiler.py:884: in execute_sql
    cursor.execute(sql, params)
C:\project_venv\lib\site-packages\django\db\backends\utils.py:65: in execute
    return self.cursor.execute(sql, params)
C:\project_venv\lib\site-packages\django\db\utils.py:94: in __exit__
    six.reraise(dj_exc_type, dj_exc_value, traceback)
C:\project_venv\lib\site-packages\django\utils\six.py:685: in reraise
    raise value.with_traceback(tb)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <django.db.backends.utils.CursorWrapper object at 0x00000207F68D1EB8>
sql = 'SELECT (ts_rank_cd(watson_searchentry.search_tsv, to_tsquery(\'pg_catalog.english\', %s))) AS "watson_rank", "watson_...entry"."content_type_id" = %s) AND (search_tsv @@ to_tsquery(\'pg_catalog.english\', %s))) ORDER BY "watson_rank" DESC'
params = ('$$John$$:* & $$Doe$$:* & $$<john@provider.com>$$:*', 'default', 7, 8, '$$John$$:* & $$Doe$$:* & $$<john@provider.com>$$:*')

    def execute(self, sql, params=None):
        self.db.validate_no_broken_transaction()
        with self.db.wrap_database_errors:
            if params is None:
                return self.cursor.execute(sql)
            else:
>               return self.cursor.execute(sql, params)
E               django.db.utils.ProgrammingError: ERROR: syntax error in tsquery : « $$John$$:* & $$Doe$$:* & $$<john@provider.com>$$:* »

Apparently, the presence of "<" and ">" in the query is the cause of the syntax error. Without these chars, the search obviously runs as usual. Currently, I am not sure if these specific chars should be caught and removed by me, by django-watson, or by Django itself (or maybe by Postgres?).

What is your opinion?

etianen commented 6 years ago

Thanks for the report. This should now be fixed in master. There's also now an aggressive test case for all sorts of query parameters.

Please let me know if it works for you.

alorence commented 6 years ago

For sure, no more syntax error when using < or > in the search query. Thanks!

etianen commented 6 years ago

No worries. Release 1.4.3 is out with the fix!

On 27 September 2017 at 10:35, Antoine Lorence notifications@github.com wrote:

For sure, no more syntax error when using < or > in the search query. Thanks!


alorence commented 6 years ago

Wow, it was quick! Thank you for the reactivity, and keep up the good work!
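Added example, not part of the thread and not django-watson's own code: the traceback in the report shows the search term travelling as a bound parameter, so the failure is in the tsquery mini-language that to_tsquery() parses, not in the SQL itself. The sketch below builds the same `term:* & term:*` shape seen in `params` after replacing characters that tsquery treats as syntax; the function name and the character list are assumptions of this example.

```python
import re

# Characters that to_tsquery() parses as operators or syntax rather than text.
# This list is the example's own assumption, not taken from django-watson.
TSQUERY_SYNTAX = re.compile(r"[&|!():*<>'\\]")
HAS_WORD_CHAR = re.compile(r"\w", re.UNICODE)


def build_prefix_tsquery(user_input):
    """Return 'a:* & b:*' for to_tsquery(), or None if nothing is searchable."""
    # Replace syntax characters with spaces so "a&b" becomes two terms
    # instead of smuggling an operator into the query.
    cleaned = TSQUERY_SYNTAX.sub(" ", user_input)
    # Drop fragments that contain no word character (e.g. a lone "-" or "@").
    terms = [t for t in cleaned.split() if HAS_WORD_CHAR.search(t)]
    if not terms:
        return None
    # AND the terms together, each as a prefix match.
    return " & ".join(t + ":*" for t in terms)


# Constructed sample inputs; the first is the search term from the report.
SAMPLES = [
    "John Doe <john@provider.com>",
    "a&b | !c",
    "<> :* ()",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", repr(build_prefix_tsquery(sample)))
```

Pass the returned string as the bound parameter for to_tsquery() and treat `None` as an empty result set without querying; confirm the behaviour against the Postgres version in use.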