Fix EZP-27416: Error 500 on search when trying to search space or single quote

[adamwojs]

JIRA: https://jira.ez.no/browse/EZP-27416

Description

This PR provide patch to incorrect generated SQL in Legacy Search Engine when user is trying to search a query that contains only a word separators characters e.g single quote character.

Steps to reproduce

1. Setup Legacy Search Engine
2. In Platform UI go to Content > Content structure > Search
3. Try to search: ' (single quote)
4. Backend will return "Internal server error" with the following description:

The expression ' OR ' expected at least 1 argument but none provided.

TODO

• Patch
• Tests

[andrerom]

Will you also reuse $wordIdSubquery below? ;)

[adamwojs]

@andrerom Fixed :-)

[adamwojs]

This is still not compatible with declared return type, and I think it's require few words of comment .

[alongosz]

This is still not compatible with declared return type, and I think it's require few words of comment .

I looked over returned values in other criterions and I actually think that @return in getWordIdSubquery PhpDoc is just wrong - it should be @return string because all methods of the eZ\Publish\Core\Persistence\Database\Expression interface return string as well.

[adamwojs]

Updated with PostgreSQL compatible version.

[alongosz]

I gave it a little bit of thought and I think we should consider two separate cases here, applied on SQL Search layer, so not affecting other search engines:

1. In eZ\Publish\Core\Search\Legacy\Content\Handler::findContent at the beginning we should check empty value:

if (trim($query->query->value) === '') {
    return new SearchResult(['time' => 0, 'totalCount' => 0]);
}

because search for an empty value should always return 0 count in 0 time (other SearchResult fields already have proper default values). Note on 0 time - it will be accurate with respect to current code if the above block gets placed as described, at the beginning of findContent

2. When we get empty-ish value, e.g. containing quotes, we actually should throw API InvalidArgumentException (instead of returning null in getWordIdSubquery). Meaning: when tokenizer returns empty result - something went wrong, because we already checked one of the expected states in point 1. ^
   This exception is already hinted on findContent PhpDoc and is AFAIR close to what @adamwojs suggested when we initially discussed this :-)

WDYT @andrerom ?

[alongosz]

Some minor comments below:

[alongosz]

Nitpick: please use short array syntax.

[alongosz]

Please hint also @param in PhpDoc

[alongosz]

Nitpick: please use short array syntax.

[alongosz]

Nitpick: please use short array syntax.

[alongosz]

This is still not compatible with declared return type, and I think it's require few words of comment .

I looked over returned values in other criterions and I actually think that @return in getWordIdSubquery PhpDoc is just wrong - it should be @return string because all methods of the eZ\Publish\Core\Persistence\Database\Expression interface return string as well.

[adamwojs]

@andrerom WDYT about @alongosz idea? IMHO is a cleaner solution than generating a query that always returns an empty result set.

[andrerom]

@adamwojs I kind of likes part of the proposal, but I had and have doubts about hardcoding logic about full text in the handler, as value can be anything here right?

[alongosz]

I had and have doubts about hardcoding logic about full text in the handler, as value can be anything here right?

@adamwojs: @andrerom has a good point here, I looked at this from the FullText Criterion perspective, not the whole scope of all possible Criterions - my mistake.

To determine if the value is correct should be a responsibility of eZ\Publish\Core\Search\Legacy\Content\Common\Gateway\CriterionHandler\FullText::handle.
While I'd prefer in case of empty value to get 0 count result, due do the way query expression is processed and built we cannot do it without a major refactoring.
In this case I'd go with InvalidArgumentException also for "pure" empty value ''.

@andrerom can we expect from API consumer not to allow such queries or be prepared for this exception?
If not, then the last thing, I could think of, we could do to solve this is to introduce our own exception thrown from FullText::handle and caught/handled in \eZ\Publish\Core\Search\Legacy\Content\Gateway\DoctrineDatabase::find or even in getResultCount by returning 0 result count.

[andrerom]

If not, then the last thing

I was thinking in similar way, adding exception that we handle internally, however how do we then tell UI to tell the user the query was invalid and this is why there is empty result?

[alongosz]

I was thinking in similar way, adding exception that we handle internally, however how do we then tell UI to tell the user the query was invalid and this is why there is empty result?

True. So I'd say the only one valid solution is to throw InvalidArgumentException for empty values as well. SearchService::findContent hints it, so my previous concern about API consumer expectations seems to be resolved.

[adamwojs]

I've updated PR according to our consensus about solution

[andrerom]

should rather be something that actually is 1. concrete enoug so devs know what is wrong, 2. user friendly enough so user knows what he did wrong.

Unsure, but something like :
Search query does not contain a valid FullText search string

Would also be great if we can create a new exception that extends InvalidArgumentException, so UI code can detect it better in case they want to provide a better user feedback then this.

[andrerom]

when does it return null? On exceptions nothing is returned at all ;)

[andrerom]

*Also note that handle() should add phpdoc that it uses getWordIdSubquery so the throw part gets reflected there to.

[andrerom]

Think this is better, some nitpicks added

[adamwojs]

I'm not sure about namespace, but for me is too specific for \eZ\Publish\Core\Base\Exceptions and too generic for concrete search engine impl.

[adamwojs]

Maybe InvalidFullTextQuery will be better a name ?

[alongosz]

I'd say either keep it as is or InvalidFullTextSearchQuery.

Side thing: if we intend for external bundle to be able to catch it (and thus refer to it), shouldn't it be a part of API, not Core? Or maybe SPI to avoid cluttering API namespace? POV @andrerom?

[adamwojs]

Closing PR as obsolete. eZ Platform 2.5 has reached EOM, so please reopen PR in ezsystems/ezplatform-kernel (bug fixes) or ibexa/core (features/improvements) if issue is still valid for v3.3 / v4.x and you are willing to work on it.