Description
If you search for a ' or ", then moin will go into an infinite loop. If the user searches for something in quotation, the quotations are stripped. But if there is only a single quotation, the following will result in an empty string (search.py line 658):
if ((text[0] == text[-1] == '"') or (text[0] == text[-1] == "'")): text = text[1:-1]
This results in an empty search string, which in turn is used to create an empty regular expression.
Details
MoinMoin Version |
OS and Version |
Python Version |
Server Setup |
Server Details |
Workaround
Change the above lines into something like:
    if (len(text) > 1):
        if ((text[0] == text[-1] == '"') or (text[0] == text[-1] == "'")):
            text = text[1:-1]
I wonder why an empty string lets it go into an infinite loop. That bug should be fixed as well.
It's not an infinite loop - title search simply returns all names as results, and full text probably tries to return all wiki characters as results
Discussion
Here is a more readable fix:
1 * looking for nirs@freeshell.org--2005/moin--fix--1.3--patch-27 to compare with
2 * comparing to nirs@freeshell.org--2005/moin--fix--1.3--patch-27
3 M MoinMoin/search.py
4
5 * modified files
6
7
8 --- orig/MoinMoin/search.py
9 +++ mod/MoinMoin/search.py
10 @@ -674,8 +674,8 @@
11 return None
12 modifiers = match.group('MOD').split(":")[:-1]
13 text = match.group('TERM')
14 - if ((text[0] == text[-1] == '"') or
15 - (text[0] == text[-1] == "'")): text = text[1:-1]
16 + if self.isQuoted(text):
17 + text = text[1:-1]
18
19 title_search = self.titlesearch
20 regex = self.regex
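Review bot: at the `if self.isQuoted(text):` call, a term made up only of quote characters (`"`, `'`, `""`, `''`) is now kept verbatim and searched as a literal, where the old condition reduced it to an empty string. That is the point of the fix, but it is a behaviour change for `""` and `''` as well as for the lone quote, so a one-line comment at this call and a test for each of those four inputs would make the intent explicit.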
21 @@ -703,6 +703,13 @@
22 obj.negate()
23 return obj
24
25 + def isQuoted(self, text):
26 + # Empty string '' is not considered quoted
27 + if len(text) < 3:
28 + return False
29 + return (text.startswith('"') and text.endswith('"') or
30 + text.startswith("'") and text.endswith("'"))
31 +
32
33 class SearchResults:
34 """ Manage search results, supply different views
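Review bot: in `isQuoted`, the return expression mixes `and` and `or` without grouping and is only correct because `and` binds tighter; wrapping each `startswith(...) and endswith(...)` pair in its own parentheses would make that visible. The comment mentions only the empty string `''`, while `len(text) < 3` also rejects a lone quote character and `""`, so the comment should name those cases. The method does not use `self` and has no docstring, and the hunk adds a trailing blank `+` line after it that could be dropped.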
It seems to work correctly, but this is a good time to add tests for these edge cases.
Anyway, you can always construct queries that max out the server %-)
I committed the above patch and tests for all quoting edge cases.
Plan
- Priority:
- Assigned to:
- Status: fixed in patch-708
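
The quoting edge cases from the description and the patch, as an added example that is not MoinMoin's code. `title_hits` is an assumed stand-in for title search (a regex matched against page names), and the titles and terms are constructed sample data.

```python
import re

def strip_quotes_old(text):
    # Pre-fix condition from the report: a lone quote is both first and last char
    if (text[0] == text[-1] == '"') or (text[0] == text[-1] == "'"):
        text = text[1:-1]
    return text

def is_quoted(text):
    # Same rule as the patch's isQuoted: at least one character between the quotes
    if len(text) < 3:
        return False
    return ((text.startswith('"') and text.endswith('"')) or
            (text.startswith("'") and text.endswith("'")))

def strip_quotes_fixed(text):
    return text[1:-1] if is_quoted(text) else text

def title_hits(term, titles):
    # Assumed stand-in for title search: case-insensitive regex over page names.
    # An empty pattern matches at position 0 of every string.
    pattern = re.compile(re.escape(term), re.IGNORECASE)
    return [t for t in titles if pattern.search(t)]

# Constructed sample data
TITLES = ["FrontPage", "HelpOnSearching", "Bob's Notes", 'Say "hi"']
EDGE_CASES = ['"', "'", '""', "''", '"a"', "'Help'", "\"mixed'"]

def compare(terms=EDGE_CASES, titles=TITLES):
    # One row per term: (term, old term, old hit count, fixed term, fixed hit count)
    rows = []
    for term in terms:
        old, new = strip_quotes_old(term), strip_quotes_fixed(term)
        rows.append((term, old, len(title_hits(old, titles)),
                     new, len(title_hits(new, titles))))
    return rows

if __name__ == "__main__":
    for term, old, n_old, new, n_new in compare():
        print(f"{term!r:10} old={old!r:8} hits={n_old}  fixed={new!r:8} hits={n_new}")
```

With the old condition, every quote-only term collapses to an empty pattern and returns all page names; with the patched rule, those terms are matched literally.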