Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-32905

Page Provider does not escape quote in term aggregate value

    XMLWordPrintable

    Details

      Description

      When executing a search based on an aggregate selection that contains a single-quote character ' in the selected bucket value, then running a bulk action on the result set will lead to an error like this:

      org.nuxeo.ecm.core.query.QueryParseException: Query: SELECT * FROM Document WHERE ecm:ancestorId = '2b066669-3b42-436e-b442-38951c9555a5' AND dc:created < TIMESTAMP '2024-09-18 15:16:47' AND (ecm:mixinType != 'HiddenInNavigation' AND ecm:isVersion = 0 AND ecm:isTrashed = 0 AND ecm:primaryType = 'hylAsset' AND (xxxRelatIni:projNams='project'xyz')), Syntax error: Invalid token <xyz> at offset 290 at org.nuxeo.ecm.core.query.sql.parser.parser.parseFailed(parser.java:519) ~[nuxeo-core-query-2023.11.13.jar:?] at org.nuxeo.ecm.core.query.sql.parser.parser.unrecovered_syntax_error(parser.java:510) ~[nuxeo-core-query-2023.11.13.jar:?] at java_cup.runtime.lr_parser.parse(lr_parser.java:601) ~[java-cup-0.11a.jar:?] at org.nuxeo.ecm.core.query.sql.SQLQueryParser.parse(SQLQueryParser.java:43) ~[nuxeo-core-query-2023.11.13.jar:?] at org.nuxeo.elasticsearch.query.NxqlQueryConverter.getSqlQuery(NxqlQueryConverter.java:233) ~[nuxeo-elasticsearch-core-2023.16.12.jar:?] at org.nuxeo.elasticsearch.query.NxqlQueryConverter.toESQueryBuilder(NxqlQueryConverter.java:126) ~[nuxeo-elasticsearch-core-2023.16.12.jar:?] at org.nuxeo.elasticsearch.query.NxQueryBuilder.makeQuery(NxQueryBuilder.java:261) ~[nuxeo-elasticsearch-core-2023.16.12.jar:?] at org.nuxeo.elasticsearch.query.NxQueryBuilder.updateRequest(NxQueryBuilder.java:373) ~[nuxeo-elasticsearch-core-2023.16.12.jar:?] at org.nuxeo.elasticsearch.core.ElasticSearchServiceImpl.buildEsSearchRequest(ElasticSearchServiceImpl.java:235) ~[nuxeo-elasticsearch-core-2023.16.12.jar:?] at org.nuxeo.elasticsearch.core.ElasticSearchServiceImpl.buildEsSearchScrollRequest(ElasticSearchServiceImpl.java:245) ~[nuxeo-elasticsearch-core-2023.16.12.jar:?] at org.nuxeo.elasticsearch.core.ElasticSearchServiceImpl.searchScroll(ElasticSearchServiceImpl.java:213) ~[nuxeo-elasticsearch-core-2023.16.12.jar:?] at org.nuxeo.elasticsearch.core.ElasticSearchServiceImpl.scroll(ElasticSearchServiceImpl.java:113) ~[nuxeo-elasticsearch-core-2023.16.12.jar:?] at org.nuxeo.elasticsearch.core.ElasticSearchServiceImpl.scroll(ElasticSearchServiceImpl.java:109) ~[nuxeo-elasticsearch-core-2023.16.12.jar:?] at org.nuxeo.elasticsearch.ElasticSearchComponent.scroll(ElasticSearchComponent.java:531) ~[nuxeo-elasticsearch-core-2023.16.12.jar:?] at org.nuxeo.elasticsearch.scroll.ElasticSearchScroll.fetch(ElasticSearchScroll.java:58) ~[nuxeo-elasticsearch-core-2023.16.12.jar:?] at org.nuxeo.elasticsearch.scroll.ElasticSearchScroll.hasNext(ElasticSearchScroll.java:48) ~[nuxeo-elasticsearch-core-2023.16.12.jar:?] at org.nuxeo.ecm.core.bulk.computation.BulkScrollerComputation.processRecord(BulkScrollerComputation.java:189) ~[nuxeo-core-bulk-2023.16.12.jar:?] at org.nuxeo.ecm.core.bulk.computation.BulkScrollerComputation.processRecord(BulkScrollerComputation.java:156) ~[nuxeo-core-bulk-2023.16.12.jar:?] at org.nuxeo.lib.stream.computation.log.ComputationRunner.lambda$processRecordWithRetry$7(ComputationRunner.java:514) ~[nuxeo-stream-2023.16.12.jar:?] at net.jodah.failsafe.Functions.lambda$toSupplier$10(Functions.java:262) ~[failsafe-2.4.4.jar:2.4.4] at net.jodah.failsafe.Functions.lambda$get$0(Functions.java:48) ~[failsafe-2.4.4.jar:2.4.4] at net.jodah.failsafe.RetryPolicyExecutor.lambda$supply$0(RetryPolicyExecutor.java:66) ~[failsafe-2.4.4.jar:2.4.4] at net.jodah.failsafe.FallbackExecutor.lambda$supply$0(FallbackExecutor.java:45) ~[failsafe-2.4.4.jar:2.4.4] at net.jodah.failsafe.Execution.executeSync(Execution.java:128) [failsafe-2.4.4.jar:2.4.4] at net.jodah.failsafe.FailsafeExecutor.call(FailsafeExecutor.java:379) [failsafe-2.4.4.jar:2.4.4] at net.jodah.failsafe.FailsafeExecutor.run(FailsafeExecutor.java:212) [failsafe-2.4.4.jar:2.4.4] at org.nuxeo.lib.stream.computation.log.ComputationRunner.processWithRetry(ComputationRunner.java:423) [nuxeo-stream-2023.16.12.jar:?] at org.nuxeo.lib.stream.computation.log.ComputationRunner.processRecordWithRetry(ComputationRunner.java:514) [nuxeo-stream-2023.16.12.jar:?] at org.nuxeo.lib.stream.computation.log.ComputationRunner.processRecordWithTracing(ComputationRunner.java:469) [nuxeo-stream-2023.16.12.jar:?] at org.nuxeo.lib.stream.computation.log.ComputationRunner.processRecord(ComputationRunner.java:461) [nuxeo-stream-2023.16.12.jar:?] at org.nuxeo.lib.stream.computation.log.ComputationRunner.processLoop(ComputationRunner.java:315) [nuxeo-stream-2023.16.12.jar:?] at org.nuxeo.lib.stream.computation.log.ComputationRunner.runOnce(ComputationRunner.java:259) [nuxeo-stream-2023.16.12.jar:?] at org.nuxeo.lib.stream.computation.log.ComputationRunner.run(ComputationRunner.java:226) [nuxeo-stream-2023.16.12.jar:?] at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) [?:?] at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?] at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?] at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?] at java.base/java.lang.Thread.run(Thread.java:833) [?:?]

      See PageProviderHelper.java (tag v2023.18):

      https://github.com/nuxeo/nuxeo-lts/blob/26c10b4080abcb12cf5443418a5503d3bd680c5b/modules/platform/nuxeo-automation/nuxeo-automation-core/src/main/java/org/nuxeo/ecm/automation/core/util/PageProviderHelper.java#L399-L404

      /**
 * @since 2023.18
 */
protected static String getTermClause(String field, String key) {
    return field + "='" + key + "'";
}

      Here are steps how you can reproduce the issue:

      1. Create a document with a property value that contains a single-quote character. E.g. luluRelatIni:projNams = project'xyz
      2. In the search form for the page provider, select the aggregation bucket of this value. In our case it is the aggregation lululemonRelatedInitiatives_projNams_agg and the value is project'xyz.
      3. Run the search, which will return a set of results in the search results layout.
      4. Select the 'Select All' button, then invoke a bulk action from the results selection action slot, which will trigger executing a bulk action on the selected documents.
      5. An error will be returned in the toast message. 

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: