influxdata · davidby-influx · Oct 27, 2021 · Oct 25, 2021 · Oct 26, 2021 · Oct 26, 2021
diff --git a/tsdb/store.go b/tsdb/store.go
@@ -1654,6 +1654,9 @@ func (s *Store) TagKeys(ctx context.Context, auth query.FineAuthorizer, shardIDs
 	if err != nil {
 		return nil, err
 	}
+	if err = isBadQuoteTagValueClause(filterExpr); err != nil {
+		return nil, err
+	}
 
 	// Get all the shards we're interested in.
 	is := IndexSet{Indexes: make([]Index, 0, len(shardIDs))}
@@ -1822,6 +1825,31 @@ func isTagKeyClause(e influxql.Expr) (bool, error) {
 	return false, nil
 }
 
+func isBadQuoteTagValueClause(e influxql.Expr) error {
+	switch e := e.(type) {
+	case *influxql.BinaryExpr:
+		switch e.Op {
+		case influxql.EQ, influxql.NEQ:
+			_, lOk := e.LHS.(*influxql.VarRef)
+			_, rOk := e.RHS.(*influxql.VarRef)
+			if lOk && rOk {
+				return fmt.Errorf("bad WHERE clause for metaquery; one term must be a string literal tag value within single quotes: %s", e.String())
+			}
+		case influxql.OR, influxql.AND:
+			if err := isBadQuoteTagValueClause(e.LHS); err != nil {
+				return err
+			} else if err = isBadQuoteTagValueClause(e.RHS); err != nil {
+				return err
+			} else {
+				return nil
+			}
+		}
+	case *influxql.ParenExpr:
+		return isBadQuoteTagValueClause(e.Expr)
+	}
+	return nil
+}
+
 // TagValues returns the tag keys and values for the provided shards, where the
 // tag values satisfy the provided condition.
 func (s *Store) TagValues(ctx context.Context, auth query.FineAuthorizer, shardIDs []uint64, cond influxql.Expr) ([]TagValues, error) {
@@ -1856,7 +1884,9 @@ func (s *Store) TagValues(ctx context.Context, auth query.FineAuthorizer, shardI
 	if err != nil {
 		return nil, err
 	}
-
+	if err = isBadQuoteTagValueClause(filterExpr); err != nil {
+		return nil, err
+	}
 	// Build index set to work on.
 	is := IndexSet{Indexes: make([]Index, 0, len(shardIDs))}
 	s.mu.RLock()