srophe / srophe-eXist-app

DEPRECATED eXist code for Syriaca.org: The Syriac Reference Portal
GNU General Public License v3.0

operational bug #1054

Closed tacarlson closed 7 years ago

tacarlson commented 7 years ago

I accidentally typed "Turk&" into the search box on the Gazetteer and got a large error:

<?xml version="1.0" ?>
/db/apps/srophe/modules/view.xql
exerr:ERROR Error while evaluating expression: collection('/db/apps/srophe-data/data/places/tei')//tei:body[ft:query(.,'Turk&',data:search-options()) or ft:query(descendant::tei:placeName,'Turk&',data:search-options()) or ft:query(descendant::tei:persName,'Turk&',data:search-options()) or ft:query(ancestor::tei:TEI/descendant::tei:teiHeader/descendant::tei:title,'Turk&',data:search-options()) or ft:query(descendant::tei:desc,'Turk&',data:search-options())]. expecting ''', found '&' [at line 241, column 25]
In function:
data:search(xs:string?) [53:27:/db/apps/srophe/modules/lib/data.xqm]
search:get-results(node(), map, xs:string?, xs:string?) [221:18:/db/apps/srophe/modules/search/search.xqm]
templates:call-with-args(function, function, element(), map) [208:13:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:process-output(element(), map, item(), element()) [205:9:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:call-by-introspection(element(), map, map, function) [187:28:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:call(item(), element(), map) [135:36:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:process(node(), map) [146:81:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:process(node(), map) [146:81:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:process(node(), map) [146:81:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:process(node(), map) [146:81:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:process(node(), map) [277:13:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:process-output(element(), map, item()) [268:17:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:process-output(element(), map, item(), element()) [205:9:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:call-by-introspection(element(), map, map, function) [187:28:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:call(item(), element(), map) [135:36:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:process(node(), map) [462:17:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:process-output(element(), map, item()) [270:9:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:process-output(element(), map, item(), element()) [205:9:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:call-by-introspection(element(), map, map, function) [187:28:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:call(item(), element(), map) [135:36:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:process(node(), map) [131:51:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:process(node(), map) [88:9:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]
templates:apply(node()+, function, map?, map?) [50:5:/apps/Syriaca/webapp/WEB-INF/data/expathrepo/shared-0.4.0/content/templates.xql]

I suspect this is larger than the Gazetteer, but it also may not be worth filtering the input for, unless it points to a greater security hole. Thanks!

wsalesky commented 7 years ago

Add & to filter for illegal characters
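
Added example, not part of this thread and not code from srophe-eXist-app: the error above shows the search term placed inside a single-quoted string literal of an expression that is then evaluated, so one way to harden that step is to escape the term as an XQuery string literal rather than only filtering characters. The function names `local:string-literal` and `local:build-query` are hypothetical, and the sample terms are constructed.

```xquery
xquery version "3.1";

(: Added example; function names are hypothetical, not the project's own. :)

(: Turn untrusted text into a single-quoted XQuery string literal.
   Inside such a literal a bare ampersand must be written as the
   predefined entity, and the delimiting quote must be doubled.
   An empty sequence is treated by fn:replace as the empty string. :)
declare function local:string-literal($value as xs:string?) as xs:string {
    (: '&amp;' in XQuery source is the one-character string "&";
       '&amp;amp;' is the five-character string that spells the entity. :)
    let $amp    := replace($value, '&amp;', '&amp;amp;')
    let $quoted := replace($amp, "'", "''")
    return "'" || $quoted || "'"
};

(: Build an expression of the same shape as the one in the error message
   (shortened to a single ft:query call), with the term escaped first.
   The collection path and data:search-options() are taken from the
   error text on this page; here they are only characters in a string. :)
declare function local:build-query($term as xs:string?) as xs:string {
    "collection('/db/apps/srophe-data/data/places/tei')//tei:body["
    || "ft:query(., " || local:string-literal($term)
    || ", data:search-options())]"
};

(: Constructed sample terms: the input from the report, a plain term,
   and a place name that legitimately contains an apostrophe. :)
for $term in ('Turk&amp;', 'Turk', "Tur'Abdin")
return local:build-query($term)
```

With the escaped literal the evaluated expression parses for all three terms, and the term reaches `ft:query` unchanged instead of being stripped by a character filter.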