Custom Query screen does work with search values containing backslash ('\')

[Ian Leader <__ian.leader__@…>]

This can be seen most easily from the Roadmap module:

• Add a ticket owned by 'domain\user', and assign it to a milestone.
• Go to the Roadmap page for that mileston and select 'Ticket Status by Owner'
• Click on the owner domain\user. The URL generated will be something like:

http://localhost:8080/cgi-bin/trac-0.9.cgi/query?owner=domain%5Cuser&milestone=blah

And no tickets are shown.

Tested on W2K Server & WXP SP2, Apache 2.0, CGI & mod_python, 0.8.4 & devel [1847].

[Ian Leader <__ian.leader__@…>]

Upon closer examination, it would appear that I was jumping to conclusions when I submitted this ticket, and the problem is actually with the creation of the SQL query string, rather than a failure to get the request parameters correctly. The log for the above mentioned URL is as follows:

08:26:21 Trac[query] DEBUG: Query SQL: SELECT t.id AS id,t.summary AS summary,t.
type AS type,t.status AS status,t.priority AS priority,t.component AS component,
t.version AS version,t.time AS time,t.changetime AS changetime,t.owner AS owner,
t.milestone AS milestone,priority.value AS priority_value
FROM ticket AS t
  LEFT OUTER JOIN enum AS priority ON (priority.type='priority' AND priority.nam
e=priority)
WHERE COALESCE(t.owner,'')='domain\\user' AND COALESCE(t.milestone,'')='blah'
ORDER BY COALESCE(t.priority,'')='',priority.value,t.id
08:26:21 Trac[session] DEBUG: Changing variable query_href from "/cgi-bin/trac-0
.9.cgi/query?group=&milestone=blah&owner=domain%5Cuser&order=priority" to "/cgi-
bin/trac-0.9.cgi/query?milestone=blah&owner=domain%5Cuser&order=priority" in ses
sion hq\ianl
08:26:21 Trac[session] DEBUG: Purging old, expired, sessions.

the where clause:

COALESCE(t.owner,'')='domain\\user' 

should be:

COALESCE(t.owner,'')='domain\user'

[Ian Leader <__ian.leader__@…>]

Problems seems to be that sql_escape in util.py is incorrectly escaping a single backslash to a double backslash. This escaping is not being used anywhere else in the system.

Patch for this attached against [1855] trunk, includes extra unit test cases.

[Ian Leader <__ian.leader__@…>]

Patch against trunk [1855]

[Ian Leader <__ian.leader__@…>]

As this is also a problem on 0.8.4, I'm attaching a patch against that - same change, but without the unit tests.

[Ian Leader <__ian.leader__@…>]

Patch against 0.8.4

[Matthew Good]

This seems to have been sorted out at some point.

[anonymous]

This seems to have reemerged in 0.10.

• On a system that has \ as a character in a username. e.g. DOMAIN\user on a windows box. Running firefox 1.5.0.7, python 2.3 apache 2.054 mod_python, mod_sspi
• restrict_owner = true (may not be neccessary)
• Go to Roadmap, create a milestone and assign some tickets to that milestone
• Click on active tickets to bring up query
• Add filter on owner
• Try to select owner - Names are scrambled because of \ being processed
• Select an owner anyway and click Update
• Note query string in URL has scrambled user name and query returns no results
• Select owner again, this time names are OK and the query works.

[Christian Boos]

This works for me both using 0.10.4dev and 0.11.

Might be an issue with mod_sspi …