According to the following link: http://ferret.davebalmain.com/api/classes/Ferret/QueryParser.html :handle_parser_errors => true is enabled by default and seems to be in acts_as_ferret in class_methods.rb of the plugin. However, when I pass a special character as a query (e.g., !, -, <, >, etc) it throws an error and pukes. -- snip -- Error occured in src/q_parser.y:279 - yyerror couldn''t parse query ``<script>''''. Error message was syntax error -- end snip -- Anyone know what''s going on here? -- Posted via http://www.ruby-forum.com/.
There''s a couple of non-obvious things going on here which I just dealt with recently myself. I''m not using AAF but I would say the issues are the same. Firstly if you''re using index.search_each the query parser that method uses does NOT use the default values - specifically it does not handle parser errors. If you''re making your own QueryParser, there is another gotcha -> the docs say to use the parameter handle_parser_errors but that''s not right with 0.10.13. It should be Ferret::QueryParser.new({:handle_parse_errors => true}) # not handle_parser_errors like docs say Note the missing r on parse(r) Sam Mark wrote:> According to the following link: > > http://ferret.davebalmain.com/api/classes/Ferret/QueryParser.html > > :handle_parser_errors => true is enabled by default and seems to be in > acts_as_ferret in class_methods.rb of the plugin. However, when I pass a > special character as a query (e.g., !, -, <, >, etc) it throws an error > and pukes. > > -- snip -- > Error occured in src/q_parser.y:279 - yyerror > couldn''t parse query ``<script>''''. Error message was syntax error > -- end snip -- > > Anyone know what''s going on here?-- Posted via http://www.ruby-forum.com/.
Sam,> If you''re making your own QueryParser, there is another gotcha -> the > docs say to use the parameter handle_parser_errors but that''s not right > with 0.10.13. It should be > > Ferret::QueryParser.new({:handle_parse_errors => true}) # not > handle_parser_errors like docs say > > Note the missing r on parse(r)acts_as_ferret( { :fields => { ''ferret_index_article_title'' => { :boost => 2 }, ''ferret_index_article_body'' => { :boost => 1.5 }, ''ferret_index_article_comments'' => { :boost => 1 }, ''ferret_index_article_image_captions'' => { :boost => 1.5 } }, :store_class_name => true }, { :analyzer => Ferret::Analysis::StandardAnalyzer.new([nil])} ) I''m not specifically creating my own QueryParser object. Any idea where i would stick the :handle_parse_errors => true in the above. Thanks in advance. -- Posted via http://www.ruby-forum.com/.
On Sat, Dec 09, 2006 at 08:49:36AM +0100, Mark wrote:> Sam, > > > If you''re making your own QueryParser, there is another gotcha -> the > > docs say to use the parameter handle_parser_errors but that''s not right > > with 0.10.13. It should be > > > > Ferret::QueryParser.new({:handle_parse_errors => true}) # not > > handle_parser_errors like docs say > > > > Note the missing r on parse(r) > > acts_as_ferret( { :fields => { ''ferret_index_article_title'' => { > :boost => 2 }, > ''ferret_index_article_body'' => { :boost > => 1.5 }, > ''ferret_index_article_comments'' => { > :boost => 1 }, > ''ferret_index_article_image_captions'' > => { :boost => 1.5 } }, :store_class_name => true }, > { :analyzer => > Ferret::Analysis::StandardAnalyzer.new([nil])} ) > > I''m not specifically creating my own QueryParser object. Any idea where > i would stick the :handle_parse_errors => true in the above.right after your :analyzer option into the second options hash: aaf( { :fields => { ... }, :store_class_name => true }, { :analyzer => ..., :handle_parse_errors => true } ) aaf however doesn''t create it''s own query parser for normal use cases, but the option will be given to the internal Ferret Index instance, so maybe it helps anyway. please tell me if it does so I can correct the default parameter name in aaf. Jens -- webit! Gesellschaft f?r neue Medien mbH www.webit.de Dipl.-Wirtschaftsingenieur Jens Kr?mer kraemer at webit.de Schnorrstra?e 76 Tel +49 351 46766 0 D-01069 Dresden Fax +49 351 46766 66
Jens, That did the trick, thanks a ton!> right after your :analyzer option into the second options hash: > > aaf( { :fields => { ... }, :store_class_name => true }, > { :analyzer => ..., :handle_parse_errors => true } ) > > aaf however doesn''t create it''s own query parser for normal use cases, > but the option will be given to the internal Ferret Index instance, so > maybe it helps anyway. please tell me if it does so I can correct the > default parameter name in aaf.-- Posted via http://www.ruby-forum.com/.
Jens, My response was pre-mature, I have a few tests that throw the following potentially malicious search queries... bad_chars = ['':'', ''(, )'', ''[, ]'', ''{, }'', ''!'', ''+'', ''"'', ''~'', ''^'', ''-'', ''|'', ''<, >'', ''='', ''*'', ''?'', ''\'''', ''<script>''] I haven''t done thorough testing, but the "<, >" query throws an exception. I''ve had to resort to begin/rescue blocks for now. Any ideas?> That did the trick, thanks a ton! > >> right after your :analyzer option into the second options hash: >> >> aaf( { :fields => { ... }, :store_class_name => true }, >> { :analyzer => ..., :handle_parse_errors => true } ) >> >> aaf however doesn''t create it''s own query parser for normal use cases, >> but the option will be given to the internal Ferret Index instance, so >> maybe it helps anyway. please tell me if it does so I can correct the >> default parameter name in aaf.-- Posted via http://www.ruby-forum.com/.
On 12/16/06, Mark <blah at blah.com> wrote:> Jens, > > My response was pre-mature, I have a few tests that throw the following > potentially malicious search queries... > > bad_chars = ['':'', ''(, )'', ''[, ]'', ''{, }'', ''!'', ''+'', ''"'', ''~'', ''^'', ''-'', > ''|'', ''<, >'', ''='', ''*'', ''?'', ''\'''', ''<script>''] > > I haven''t done thorough testing, but the "<, >" query throws an > exception. I''ve had to resort to begin/rescue blocks for now. > > Any ideas? > > > That did the trick, thanks a ton! > > > >> right after your :analyzer option into the second options hash: > >> > >> aaf( { :fields => { ... }, :store_class_name => true }, > >> { :analyzer => ..., :handle_parse_errors => true } ) > >> > >> aaf however doesn''t create it''s own query parser for normal use cases, > >> but the option will be given to the internal Ferret Index instance, so > >> maybe it helps anyway. please tell me if it does so I can correct the > >> default parameter name in aaf.This problem has now been fixed. -- Dave Balmain http://www.davebalmain.com/
Possibly Parallel Threads
- Ferret::QueryParser::QueryParseException
- Extending/Modifying QueryParser
- acts_as_ferret : cannot use a customized Analyzer (as indicated in the AdvancedUsageNotes)
- [issue] The difference between QueryParser::FLAG_AUTO_SYNONYMS and QueryParser::FLAG_AUTO_MULTIWORD_SYNONYMS
- QueryParser bug?