After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 730399 - Search strings should be escaped
Search strings should be escaped
Status: RESOLVED FIXED
Product: grilo
Classification: Other
Component: plugins
unspecified
Other Linux
: Normal normal
: ---
Assigned To: grilo-maint
grilo-maint
Depends on:
Blocks:
 
 
Reported: 2014-05-19 19:04 UTC by Jamie Nicol
Modified: 2014-07-27 11:59 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
tracker: escape search strings (2.05 KB, patch)
2014-07-24 18:56 UTC, Juan A. Suarez Romero 		needs-work Details | Review
tracker: escape search strings (2.19 KB, patch)
2014-07-26 15:00 UTC, Juan A. Suarez Romero 		committed Details | Review

Description Jamie Nicol 2014-05-19 19:04:50 UTC 
I have some video files on my laptop whose filenames begin "Bob's Burgers - ". Searching for "Bob's Burgers" pops up a message box which says:

Search Error

Failed to query: 1.488: syntax error, expected `}'

And causes this output on a terminal:

(totem:18488): Grilo-WARNING **: [tracker-source-request] grl-tracker-source-api.c:436: Could not execute sparql query id=196: 1.488: syntax error, expected `}'

The search term being passed to grilo/tracker appears to be unescaped, so the ' is causing problems. "Bob\'s Burgers" will find the correct files. "*" works as a wildcard. While this could be useful for some, I'd imagine it'd be more useful to most people to escape the search terms.

OS: Arch Linux
totem 3.12.1-1
grilo 0.2.10-1
grilo-plugins 0.2.12-2
tracker 1.0.1-1
libtracker-sparql 1.0.1-1
Comment 1 Bastien Nocera 2014-05-20 06:46:30 UTC 
This is a bug in grilo. We shouldn't have to escape anything.
Comment 2 Juan A. Suarez Romero 2014-07-24 18:56:59 UTC 
Created attachment 281630 [details] [review]
tracker: escape search strings
Comment 3 Bastien Nocera 2014-07-26 14:02:51 UTC 
Review of attachment 281630 [details] [review]:

::: src/tracker/grl-tracker-source-api.c
@@ +78,3 @@
   "%s "                                         \
   "?urn tracker:available ?tr . "               \
+  "?urn fts:match \"%s\" . "                    \

What happens if the search string contains "?
Comment 4 Juan A. Suarez Romero 2014-07-26 14:47:14 UTC 
yeah, it fails.

Actually, I tried to run a sparql sentence with a " in the fts:match function, and it was rejected all time.

Moreover, I'm starting to think that fts:match is not what we should use, and rather explictly search in the fields we want (like filename, title, album and artist).
Comment 5 Juan A. Suarez Romero 2014-07-26 15:00:35 UTC 
Created attachment 281777 [details] [review]
tracker: escape search strings

Use Tracker functions to perform the escape, because it is designed to
hand-craft later a SPARQL query with the escaped string.
Comment 6 Juan A. Suarez Romero 2014-07-26 15:02:19 UTC 
I've upload a new version that uses Tracker escape function. In this case, the " is correctly handled, as this function is designed for later use the escaped string inside a hand-crafted SPARQL query. Actually, this is exactly what the tracker-search tool uses.
Comment 7 Juan A. Suarez Romero 2014-07-26 15:05:51 UTC 
For now I would just fix the search algorithm we are using atm. I'll work on a different issue to improve the search to cover other fields relevant.
Comment 8 Bastien Nocera 2014-07-27 09:13:17 UTC 
Review of attachment 281777 [details] [review]:

Looks good.
Comment 9 Juan A. Suarez Romero 2014-07-27 11:59:36 UTC 
Attachment 281777 [details] pushed as 3155abd - tracker: escape search strings