Closed stefandesu closed 3 years ago
The problem was that we were providing a string as a regular expression for the Mongo query, and the /
that was supposed to escape the .
was then interpreted as a normal character instead of an escaping character. The solution is to use RegExp objects instead of strings.
In v1.2.3, I added escaping to search queries for
/search
and/suggest
because certain characters used in regular expressions would cause the request to crash and return an error 500. However, now it won't include those characters at all in the search.Example of failing query: https://coli-conc.gbv.de/api/suggest?voc=http:%2F%2Fdewey.info%2Fscheme%2Fedition%2Fe23%2F&search=612.112
Search query before escaping:
612.112
Search query after escaping:612\.112
MongoDB search query:{"$and":[{"$or":[{"_id":"612\\.112"},{"$text":{"$search":"\"612\\.112\""}},{"_keywordsLabels":{"$regex":"^612\\.112"}}]},{"$or":[{"inScheme.uri":"http://bartoc.org/en/node/241"},{"inScheme.uri":"http://www.wikidata.org/entity/Q48460"},{"inScheme.uri":"http://dewey.info/scheme/edition/e23/"}]}]}
As you can see, for some reason after assembling the MongoDB search query, the
\
that's supposed to escape the.
gets escaped itself (despite not using any escaping methods). When the escaping step is skipped, then it'll use612.112
where the.
is interpreted as part of a regular expression.