<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Sun Feb 11 23:09:14 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[MGNLADMLEG-65] JCR Queries app fails with some operators</title>
                <link>https://jira.magnolia-cms.com/browse/MGNLADMLEG-65</link>
                <project id="10881" key="MGNLADMLEG">Admininterface Legacy 4.x (closed)</project>
                    <description>&lt;p&gt;If I create a JCR query and I want for example to exclude some page templates in the result I get an error message:&lt;/p&gt;

&lt;p&gt;AND p.&lt;span class=&quot;error&quot;&gt;&amp;#91;mgnl:template&amp;#93;&lt;/span&gt; &amp;lt;&amp;gt; &apos;eybbww-templating-module:pages/bbwwArticle&apos;  &lt;/p&gt;

&lt;p&gt;In Magnolia 5.3.x I can still perform these queries. However in Magnolia 5.4.x this gives errors. I also tried several combinations by putting ( ) in the statements.&lt;/p&gt;

&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
ORDER BY score() desc; expected: =, &amp;lt;&amp;gt;, &amp;lt;, &amp;gt;, &amp;lt;=, &amp;gt;=, LIKE, IS, NOT
2016-07-01 08:02:13,000 ERROR .magnolia.module.admininterface.pages.JCRUtilsPage: Error in JCR query:
javax.jcr.query.InvalidQueryException: 
ORDER BY score() desc; expected: =, &amp;lt;&amp;gt;, &amp;lt;, &amp;gt;, &amp;lt;=, &amp;gt;=, LIKE, IS, NOT
	at org.apache.jackrabbit.commons.query.sql2.Parser.getSyntaxError(Parser.java:978)
	at org.apache.jackrabbit.commons.query.sql2.Parser.getSyntaxError(Parser.java:968)
	at org.apache.jackrabbit.commons.query.sql2.Parser.parseCondition(Parser.java:324)
	at org.apache.jackrabbit.commons.query.sql2.Parser.parseCondition(Parser.java:264)
	at org.apache.jackrabbit.commons.query.sql2.Parser.parseAnd(Parser.java:243)
	at org.apache.jackrabbit.commons.query.sql2.Parser.parseConstraint(Parser.java:233)
	at org.apache.jackrabbit.commons.query.sql2.Parser.createQueryObjectModel(Parser.java:117)
	at org.apache.jackrabbit.commons.query.sql2.SQL2QOMBuilder.createQueryObjectModel(SQL2QOMBuilder.java:55)
	at org.apache.jackrabbit.core.query.QOMQueryFactory.createQuery(QOMQueryFactory.java:69)
	at org.apache.jackrabbit.core.query.CompoundQueryFactory.createQuery(CompoundQueryFactory.java:67)
	at org.apache.jackrabbit.core.query.QueryManagerImpl$2.perform(QueryManagerImpl.java:95)
	at org.apache.jackrabbit.core.query.QueryManagerImpl$2.perform(QueryManagerImpl.java:91)
	at org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216)
	at org.apache.jackrabbit.core.query.QueryManagerImpl.perform(QueryManagerImpl.java:197)
	at org.apache.jackrabbit.core.query.QueryManagerImpl.createQuery(QueryManagerImpl.java:91)
	at info.magnolia.cms.util.QueryUtil.search(QueryUtil.java:265)
	at info.magnolia.cms.util.QueryUtil.search(QueryUtil.java:249)
	at info.magnolia.module.admininterface.pages.JCRUtilsPage.query(JCRUtilsPage.java:124)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at info.magnolia.cms.servlets.MVCServletHandlerImpl.execute(MVCServletHandlerImpl.java:118)
	at info.magnolia.cms.servlets.CommandBasedMVCServletHandler.execute(CommandBasedMVCServletHandler.java:76)
	at info.magnolia.cms.servlets.MVCServlet.doPost(MVCServlet.java:119)
	at info.magnolia.cms.servlets.MVCServlet.doGet(MVCServlet.java:65)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	at info.magnolia.cms.filters.ServletDispatchingFilter.doFilter(ServletDispatchingFilter.java:148)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.VirtualUriFilter.doFilter(VirtualUriFilter.java:69)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.i18n.I18nContentSupportFilter.doFilter(I18nContentSupportFilter.java:74)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.RangeSupportFilter.doFilter(RangeSupportFilter.java:84)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:57)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.security.CsrfSecurityFilter.doFilter(CsrfSecurityFilter.java:106)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:79)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.module.site.filters.SiteMergeFilter.doFilter(SiteMergeFilter.java:119)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.multisite.filters.MultiSiteFilter.doFilter(MultiSiteFilter.java:106)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:83)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.module.cache.filter.GZipFilter.doFilter(GZipFilter.java:73)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:127)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:64)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.CosMultipartRequestFilter.doFilter(CosMultipartRequestFilter.java:87)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:71)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.personalization.preview.filter.PreviewFilter.doFilter(PreviewFilter.java:92)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:148)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107)
	at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:521)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.&lt;span class=&quot;code-object&quot;&gt;Thread&lt;/span&gt;.run(&lt;span class=&quot;code-object&quot;&gt;Thread&lt;/span&gt;.java:745)
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;</description>
                <environment></environment>
        <key id="53497">MGNLADMLEG-65</key>
            <summary>JCR Queries app fails with some operators</summary>
                <type id="1" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10883&amp;avatarType=issuetype">Bug</type>
                                            <priority id="2" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/critical.svg">Critical</priority>
                        <status id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="1">Fixed</resolution>
                                        <assignee username="hieu.nguyen">Hieu Nguyen Duc</assignee>
                                    <reporter username="mvdmark">Micha&#235;l van der Mark</reporter>
                        <labels>
                    </labels>
                <created>Fri, 1 Jul 2016 08:05:11 +0200</created>
                <updated>Wed, 3 Aug 2016 11:03:37 +0200</updated>
                            <resolved>Fri, 15 Jul 2016 03:30:03 +0200</resolved>
                                    <version>5.2.5</version>
                    <version>5.3.1</version>
                                    <fixVersion>5.2.6</fixVersion>
                    <fixVersion>5.3.2</fixVersion>
                                        <due></due>
                            <votes>0</votes>
                                    <watches>3</watches>
                                    <workratio workratioPercent="66"/>
                                    <progress percentage="66">
                                    <originalProgress>
                                                    <row percentage="100" backgroundColor="#89afd7"/>
                                            </originalProgress>
                                                    <currentProgress>
                                                    <row percentage="66" backgroundColor="#51a825"/>
                                                    <row percentage="34" backgroundColor="#ec8e00"/>
                                            </currentProgress>
                            </progress>
                                    <aggregateprogress percentage="66">
                                    <originalProgress>
                                                    <row percentage="100" backgroundColor="#89afd7"/>
                                            </originalProgress>
                                                    <currentProgress>
                                                    <row percentage="66" backgroundColor="#51a825"/>
                                                    <row percentage="34" backgroundColor="#ec8e00"/>
                                            </currentProgress>
                            </aggregateprogress>
                                    <timeoriginalestimate seconds="115200">4d</timeoriginalestimate>
                            <timeestimate seconds="39000">1d 2h 50m</timeestimate>
                            <timespent seconds="76200">2d 5h 10m</timespent>
                                <comments>
                            <comment id="128618" author="hieu.nguyen" created="Tue, 12 Jul 2016 07:08:25 +0200"  >&lt;h5&gt;&lt;a name=&quot;Description&quot;&gt;&lt;/a&gt;Description&lt;/h5&gt;

&lt;p&gt;The issue just occurs in old JCR app (JCR Queries) so it&apos;s related to &lt;b&gt;admininterface-legacy&lt;/b&gt; module.&lt;/p&gt;

&lt;h5&gt;&lt;a name=&quot;Rootcause&quot;&gt;&lt;/a&gt;Root cause&lt;/h5&gt;

&lt;p&gt;+ &lt;tt&gt;StringEscapeUtils#escapeHtml&lt;/tt&gt; escapes SQL operators so query execution can&apos;t recognize those characters and shows syntax errors.&lt;/p&gt;

&lt;p&gt;+ As &lt;a href=&quot;https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;XSS Prevention Cheat Sheet&lt;/a&gt; mentions, we violated rule #1. &quot;path&quot;, &quot;statement&quot; and &quot;result&quot; fields haven&apos;t been escaped correctly before being inserted into HTML document. What we did is to escape input in setters. Consequently the SQL operators are also escaped unexpectedly.&lt;/p&gt;

&lt;h5&gt;&lt;a name=&quot;Solution&quot;&gt;&lt;/a&gt;Solution&lt;/h5&gt;

&lt;p&gt;Escape HTML in getters instead of setters for all fields in order to guarantee:&lt;/p&gt;

&lt;p&gt;+ SQL query doesn&apos;t fail with operators&lt;/p&gt;

&lt;p&gt;+ XSS invulnerabibility&lt;/p&gt;</comment>
                            <comment id="128637" author="mgeljic" created="Tue, 12 Jul 2016 11:55:58 +0200"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.magnolia-cms.com/secure/ViewProfile.jspa?name=mvdmark&quot; class=&quot;user-hover&quot; rel=&quot;mvdmark&quot;&gt;mvdmark&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Judging by the stack trace, this affects our &quot;old&quot; JCR queries app, which was still based on the Magnolia 4.x UI. So I moved it to the appropriate Jira project.&lt;br/&gt;
Mind that since Magnolia 5.4.6, the new Vaadin-based JCR Tools app replaced it, and such queries with &quot;&amp;lt;&amp;gt;&quot; operator work like a charm there.&lt;/p&gt;

&lt;p&gt;Meanwhile, we will still fix this one, at least for the sake of the 5.3 branch.&lt;/p&gt;

&lt;p&gt;Cheers,&lt;br/&gt;
Mika&lt;/p&gt;</comment>
                            <comment id="128638" author="mvdmark" created="Tue, 12 Jul 2016 12:11:00 +0200"  >&lt;p&gt;Hi @mgeljic,&lt;/p&gt;

&lt;p&gt;I used magnolia 5.4.5 in my project. In newer version I saw there is a new JCR app in use. However I also encountered this error when I was using this query in Java. After this I tested my query in the jcr queries app and it gave me the same error message. But If I use the same query on a 5.3.x instance I could perform my query. So If I upgrade to 5.4.7 I also have the possibility to execute this query?&lt;/p&gt;

&lt;p&gt;In java I used code like this:&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
predicate.append(&lt;span class=&quot;code-quote&quot;&gt;&quot;\n AND (p.[mgnl:template] &amp;lt;&amp;gt; &lt;span class=&quot;code-quote&quot;&gt;&apos;eybbww-templating-module:pages/bbwwArticle&apos;&lt;/span&gt; &quot;&lt;/span&gt; );
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;And made a workaround for now by using code like this:&lt;/p&gt;

&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
predicate.append(&lt;span class=&quot;code-quote&quot;&gt;&quot;\n AND (p.[mgnl:template] = &lt;span class=&quot;code-quote&quot;&gt;&apos;eybbww-templating-module:pages/bbwwArticle&apos;&lt;/span&gt; &quot;&lt;/span&gt; );
predicate.append(&lt;span class=&quot;code-quote&quot;&gt;&quot;\n OR p.[mgnl:template] = &lt;span class=&quot;code-quote&quot;&gt;&apos;eybbww-templating-module:pages/bbwwVideoArticle&apos;&lt;/span&gt;&quot;&lt;/span&gt; );
predicate.append(&lt;span class=&quot;code-quote&quot;&gt;&quot;\n OR p.[mgnl:template] = &lt;span class=&quot;code-quote&quot;&gt;&apos;eybbww-templating-module:pages/bbwwHTML5Embed&apos;&lt;/span&gt;&quot;&lt;/span&gt; );
predicate.append(&lt;span class=&quot;code-quote&quot;&gt;&quot;\n OR p.[mgnl:template] = &lt;span class=&quot;code-quote&quot;&gt;&apos;eybbww-templating-module:pages/bbwwHTML5Embed0&apos;&lt;/span&gt;&quot;&lt;/span&gt; );
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;If the query is build in Java we use info.magnolia.cms.util.QueryUtil&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
/**
     * Searches &lt;span class=&quot;code-keyword&quot;&gt;for&lt;/span&gt; statement and then pops-up in the node hierarchy until returnItemType is found. If the result
     * is not returnItemType or none of its parents are then next node in result is checked. Duplicate nodes are
     * removed from result.
     * For date/time expressions use &amp;lt;code&amp;gt;DateUtil.create*Expression()&amp;lt;/code&amp;gt; methods.
     *
     * @&lt;span class=&quot;code-keyword&quot;&gt;return&lt;/span&gt; query result as collection of nodes
     */
    &lt;span class=&quot;code-keyword&quot;&gt;public&lt;/span&gt; &lt;span class=&quot;code-keyword&quot;&gt;static&lt;/span&gt; NodeIterator search(&lt;span class=&quot;code-object&quot;&gt;String&lt;/span&gt; workspace, &lt;span class=&quot;code-object&quot;&gt;String&lt;/span&gt; statement, &lt;span class=&quot;code-object&quot;&gt;String&lt;/span&gt; language, &lt;span class=&quot;code-object&quot;&gt;String&lt;/span&gt; returnItemType) &lt;span class=&quot;code-keyword&quot;&gt;throws&lt;/span&gt; LoginException, RepositoryException {
        &lt;span class=&quot;code-keyword&quot;&gt;return&lt;/span&gt; search(workspace, statement, language, returnItemType, &lt;span class=&quot;code-keyword&quot;&gt;false&lt;/span&gt;);
    }
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;Are we using the correct method for doing this query? We construct a search query btw.&lt;/p&gt;

&lt;p&gt;Cheers,&lt;br/&gt;
Micha&#235;l&lt;/p&gt;</comment>
                            <comment id="128662" author="mgeljic" created="Tue, 12 Jul 2016 17:21:38 +0200"  >&lt;p&gt;Okay, that&apos;s good input thanks.&lt;/p&gt;

&lt;p&gt;Using &lt;tt&gt;QueryUtil#search&lt;/tt&gt; is the correct way. Alternatively, one may use JCR&apos;s &lt;tt&gt;QueryManager&lt;/tt&gt; straight&#8212;but that&apos;s what our &lt;tt&gt;QueryUtil&lt;/tt&gt; does for you anyway, without altering the statement whatsoever.&lt;br/&gt;
As far as I could test, I could show no evidence of &lt;tt&gt;&amp;lt;&amp;gt;&lt;/tt&gt; being unsupported, escaped or altered in any way, when invoked by code.&lt;/p&gt;

&lt;p&gt;Re: upgrade to 5.4.7, I also could not point to any recent change in &lt;tt&gt;QueryUtil&lt;/tt&gt;, so I doubt it&apos;s gonna solve your problem by itself. In that case, I suppose the &lt;tt&gt;InvalidQueryException&lt;/tt&gt; might highlight a different issue.&lt;/p&gt;

&lt;p&gt;I would advise to debug/intercept the query when it is fully built, and execute it in the new JCR Tools app (because the old one suffers the problem here).&lt;/p&gt;

&lt;p&gt;Hope this helps,&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10040">
                    <name>causality</name>
                                            <outwardlinks description="caused by">
                                                        </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                            <customfield id="customfield_14166" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Acceptance criteria</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                                    <div class="o-completion" style="display: flex; flex-shrink: 0;"><span  class="aui-lozenge aui-lozenge-complete" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span style="padding-right: 4px; vertical-align: middle;"><svg width="15" height="15" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg" fill="white"><path clip-rule="evenodd" d="m10.41037,3.42544l-7.86501,0c-0.72395,0 -1.31084,0.58688 -1.31084,1.31084l0,7.86508c0,0.7239 0.58689,1.3108 1.31084,1.3108l7.86501,0c0.724,0 1.3109,-0.5869 1.3109,-1.3108l0,-7.86508c0,-0.72396 -0.5869,-1.31084 -1.3109,-1.31084zm-7.86501,-0.65542c-1.08593,0 -1.96626,0.88032 -1.96626,1.96626l0,7.86508c0,1.0859 0.88033,1.9662 1.96626,1.9662l7.86501,0c1.086,0 1.9663,-0.8803 1.9663,-1.9662l0,-7.86508c0,-1.08594 -0.8803,-1.96626 -1.9663,-1.96626l-7.86501,0z" fill-rule="evenodd"/><path d="m5.09049,10.18526l-1.82767,-1.82766l-0.78479,0.78479l2.61246,2.61246l5.38758,-5.38754l-0.78483,-0.78479l-4.60275,4.60274z"/></svg></span><span>Empty</span></span></div>
                        ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>tricode.nl</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10031" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 12 Jul 2016 07:08:25 +0200</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>mdrapela</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            7 years, 31 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>hieu.nguyen</customfieldvalue>
            <customfieldvalue>mvdmark</customfieldvalue>
            <customfieldvalue>mgeljic</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i064kr:1</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10220" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Release notes required</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10490"><![CDATA[Yes]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10245" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="284">Saigon 52</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10242" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>