  1. Grouper
  2. GRP-5483

javascript error when search has a percent in it

Details

    • New Feature
    • Resolution: Fixed
    • Minor
    • 4.14.2, 5.11.3

    Description

      Carey Black
        13 hours ago
      OK... I suspect that I am stumbling upon some kind of "SQL injection attack defense"... but... I think the UI needs to deal with this "issue" better.
      https://grouperdemo.internet2.edu/grouper_v4/ (that is v4.13.0)
      I do a global search for a string "bob". I find two results. (OK so far.)
      But if the list was 100's... I might want to limit the returned set by "also ends with 'foo'" to find "just the right ones".
      I do a global search for a string "bob%foo".
      I get a blank "working panel".
      When I click on the 'Browse Folders' on a folder... nothing changes.
      I can expand the 'Browse Folders' folder structure. But when I click on any object... nothing changes.
      If I click on a "Quick link"... nothing changes.
      I think that should be a bug.
      I have to strip the URL back to https://grouperdemo.internet2.edu/grouper_v4/ to get the UI to work again.
      NOTE: I can reproduce the same behavior on v 4.10.3 too.

      Chad Redman
        11 hours ago
      What about * instead of %

      Carey Black
        11 hours ago
      Verified on https://grouperdemo.internet2.edu/grouper_v4/ (that is v4.13.0)
      asterisk character does not break the UI.
      It also does not return any results.

      Chris Hyzer
        10 hours ago
      what subject source do you have?

      Carey Black
        10 hours ago
      the one(s) on the grouperDemo server?

      Chris Hyzer
        8 hours ago
      well that's using external subjects so it's kind of a special case. at penn we have jdbc2 which does substring searches split by spaces so it works pretty well. we should talk about a real use case with a custom subject source

      Carey Black
        8 hours ago
      "external subjects so its kind of a special case"
      Really? You think it is that rare in the community?
      FWIW: I was trying to only search for "groups" too. ( So in this case, it really is an "internal subject source". )

      Chris Hyzer
        7 hours ago
      i think most people search for people at their institution most of the time

      Chris Hyzer
        7 hours ago
      groups does substring searches right? you don't need wildcards

      Carey Black
        6 hours ago
      So let's say that a space ( instead of a % character) produces the desired results.
      I will validate that later. ( confirmed, that does almost what I want.)
      But the observed UI behavior is a bug.
      At least I cannot imagine the behavior being by design.

      This causes an exception in JavaScript; we can fix that:

      decodeURIComponent("searchQuery2=bob%25foo#".replace(/\+/g, " "));
      https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent

      URIError
      Thrown if encodedURI contains a % not followed by two hexadecimal digits, or if the escape sequence does not encode a valid UTF-8 character.
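
One way to keep a stray percent sign in the URL fragment from leaving the UI unusable, as an added example (not Grouper's code or the fix that shipped). It assumes the fragment is `key=value` pairs joined by `&`, as the `searchQuery2=...` string above suggests; `safeDecode` and `parseHashParams` are hypothetical names.

```javascript
// Added example. safeDecode and parseHashParams are hypothetical names,
// not Grouper functions. Sample inputs below are constructed.

// Decode one form-encoded component without ever throwing on a stray "%".
function safeDecode(component) {
  const spaced = component.replace(/\+/g, " ");
  try {
    return decodeURIComponent(spaced);
  } catch (e) {
    if (!(e instanceof URIError)) throw e;
    // Fallback: decode only well-formed %XX runs, keep everything else literal.
    return spaced.replace(/(?:%[0-9A-Fa-f]{2})+/g, (run) => {
      try {
        return decodeURIComponent(run);
      } catch (_) {
        return run; // hex is valid but the bytes are not UTF-8
      }
    });
  }
}

// Parse "#k1=v1&k2=v2" (assumed fragment layout) into a plain map.
function parseHashParams(hash) {
  const params = Object.create(null); // no prototype, so "__proto__" is just a key
  for (const pair of hash.replace(/^#/, "").split("&")) {
    if (pair === "") continue;
    const eq = pair.indexOf("=");
    const key = safeDecode(eq === -1 ? pair : pair.slice(0, eq));
    params[key] = eq === -1 ? "" : safeDecode(pair.slice(eq + 1));
  }
  return params;
}

// Constructed fragments: encoded percent, raw percent, and a truncated escape.
for (const h of ["#searchQuery2=bob%25foo", "#searchQuery2=bob%foo", "#searchQuery2=a+b%20c%"]) {
  console.log(h, "->", JSON.stringify(parseHashParams(h).searchQuery2));
}
```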

          People

            vivek.sachdeva@at.internet2.edu Vivek Sachdeva
            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)