Last modified: 2014-09-23 23:07:57 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T25108, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 23108 - SearchHighlighter::highlightSimple() doesn't escape regex chars in input, leads to PHP errors about unbalanced ( )
SearchHighlighter::highlightSimple() doesn't escape regex chars in input, lea...
Status: NEW
Product: MediaWiki
Classification: Unclassified
Search (Other open bugs)
1.16.x
All All
: Normal enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
: patch, patch-reviewed
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-04-09 11:33 UTC by Roan Kattouw
Modified: 2014-09-23 23:07 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Proposed patch (790 bytes, patch)
2010-04-09 11:35 UTC, Roan Kattouw 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Roan Kattouw 2010-04-09 11:33:17 UTC 
Observed the following error message on the WMF cluster:

Apr  9 09:38:58 10.0.2.231 apache2[22312]: PHP Warning:  preg_match() [<a href='function.preg-match'>function.preg-match</a>]: Compilation failed: missing ) at offset 52 in /usr/local/apache/common-local/wmf-deployment/includes/search/SearchEngine.php on line 1212
Apr  9 09:39:06 10.0.2.231 apache2[22312]:last message repeated 102 times

Some quick testing indicates this is very likely to be caused by a literal '(' in the $terms parameter, which is thrown into a regex unescaped.

The attached patch fixes this by escaping regex chars in $terms ; I submitted it here rather than committing it straight to SVN because I wasn't sure about the semantics of this function and whether regex chars in $terms being interpreted was a feature or a bug.
Comment 1 Roan Kattouw 2010-04-09 11:35:11 UTC 
Created attachment 7279 [details]
Proposed patch
Comment 2 p858snake 2011-04-30 00:10:12 UTC 
*Bulk BZ Change: +Patch to open bugs with patches attached that are missing the keyword*
Comment 3 Bugmeister Bot 2011-08-19 19:12:42 UTC 
Unassigning default assignments. http://article.gmane.org/gmane.science.linguistics.wikipedia.technical/54734
Comment 4 Sumana Harihareswara 2011-11-09 03:37:39 UTC 
+need-review to signal to developers that this patch needs reviewing.
Comment 5 Max Semenik 2012-05-10 16:57:15 UTC 
Looks like it's not needed anymore: on input of "foo." $terms is \bfoo\.\b - do you see it in server logs in case it's Lucene-specific?
Comment 6 Andre Klapper 2013-07-24 14:47:13 UTC 
Roan: Any idea if your patch is still needed? (See comment 5)
Comment 7 Chad H. 2014-05-30 21:06:09 UTC 
I can't find any place where those \b's would have been added.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links