
search queries are not properly sanitized #2260

Closed
Koncopd opened this issue Dec 5, 2024 · 1 comment

Koncopd commented Dec 5, 2024


Calling `ln.Feature.search("cat[")` — a search term containing an unbalanced `[` — fails at query execution time. The traceback below shows the raw search string reaching PostgreSQL as a regular-expression pattern (presumably via a Django `__regex`/`__iregex` lookup) without any escaping, so every regex metacharacter in user input changes the meaning of the query, and a malformed pattern surfaces as a `DataError`:

---------------------------------------------------------------------------
InvalidRegularExpression                  Traceback (most recent call last)
File /opt/conda/lib/python3.11/site-packages/django/db/backends/utils.py:105, in CursorWrapper._execute(self, sql, params, *ignored_wrapper_args)
    104 else:
--> 105     return self.cursor.execute(sql, params)

InvalidRegularExpression: invalid regular expression: brackets [] not balanced


The above exception was the direct cause of the following exception:

DataError                                 Traceback (most recent call last)
File /opt/conda/lib/python3.11/site-packages/IPython/core/formatters.py:711, in PlainTextFormatter.__call__(self, obj)
    704 stream = StringIO()
    705 printer = pretty.RepresentationPrinter(stream, self.verbose,
    706     self.max_width, self.newline,
    707     max_seq_length=self.max_seq_length,
    708     singleton_pprinters=self.singleton_printers,
    709     type_pprinters=self.type_printers,
    710     deferred_pprinters=self.deferred_printers)
--> 711 printer.pretty(obj)
    712 printer.flush()
    713 return stream.getvalue()

File /opt/conda/lib/python3.11/site-packages/IPython/lib/pretty.py:419, in RepresentationPrinter.pretty(self, obj)
    408                         return meth(obj, self, cycle)
    409                 if (
    410                     cls is not object
    411                     # check if cls defines __repr__
   (...)
    417                     and callable(_safe_getattr(cls, "__repr__", None))
    418                 ):
--> 419                     return _repr_pprint(obj, self, cycle)
    421     return _default_pprint(obj, self, cycle)
    422 finally:

File /opt/conda/lib/python3.11/site-packages/IPython/lib/pretty.py:787, in _repr_pprint(obj, p, cycle)
    785 """A pprint that just redirects to the normal repr function."""
    786 # Find newlines and replace them with p.break_()
--> 787 output = repr(obj)
    788 lines = output.splitlines()
    789 with p.group():

File /opt/conda/lib/python3.11/site-packages/django/db/models/query.py:376, in QuerySet.__repr__(self)
    375 def __repr__(self):
--> 376     data = list(self[: REPR_OUTPUT_SIZE + 1])
    377     if len(data) > REPR_OUTPUT_SIZE:
    378         data[-1] = "...(remaining elements truncated)..."

File /opt/conda/lib/python3.11/site-packages/django/db/models/query.py:400, in QuerySet.__iter__(self)
    385 def __iter__(self):
    386     """
    387     The queryset iterator protocol uses three nested iterators in the
    388     default case:
   (...)
    398            - Responsible for turning the rows into model objects.
    399     """
--> 400     self._fetch_all()
    401     return iter(self._result_cache)

File /opt/conda/lib/python3.11/site-packages/django/db/models/query.py:1928, in QuerySet._fetch_all(self)
   1926 def _fetch_all(self):
   1927     if self._result_cache is None:
-> 1928         self._result_cache = list(self._iterable_class(self))
   1929     if self._prefetch_related_lookups and not self._prefetch_done:
   1930         self._prefetch_related_objects()

File /opt/conda/lib/python3.11/site-packages/django/db/models/query.py:91, in ModelIterable.__iter__(self)
     88 compiler = queryset.query.get_compiler(using=db)
     89 # Execute the query. This will also fill compiler.select, klass_info,
     90 # and annotations.
---> 91 results = compiler.execute_sql(
     92     chunked_fetch=self.chunked_fetch, chunk_size=self.chunk_size
     93 )
     94 select, klass_info, annotation_col_map = (
     95     compiler.select,
     96     compiler.klass_info,
     97     compiler.annotation_col_map,
     98 )
     99 model_cls = klass_info["model"]

File /opt/conda/lib/python3.11/site-packages/django/db/models/sql/compiler.py:1574, in SQLCompiler.execute_sql(self, result_type, chunked_fetch, chunk_size)
   1572     cursor = self.connection.cursor()
   1573 try:
-> 1574     cursor.execute(sql, params)
   1575 except Exception:
   1576     # Might fail for server-side cursors (e.g. connection closed)
   1577     cursor.close()

File /opt/conda/lib/python3.11/site-packages/django/db/backends/utils.py:79, in CursorWrapper.execute(self, sql, params)
     78 def execute(self, sql, params=None):
---> 79     return self._execute_with_wrappers(
     80         sql, params, many=False, executor=self._execute
     81     )

File /opt/conda/lib/python3.11/site-packages/django/db/backends/utils.py:92, in CursorWrapper._execute_with_wrappers(self, sql, params, many, executor)
     90 for wrapper in reversed(self.db.execute_wrappers):
     91     executor = functools.partial(wrapper, executor)
---> 92 return executor(sql, params, many, context)

File /opt/conda/lib/python3.11/site-packages/django/db/backends/utils.py:100, in CursorWrapper._execute(self, sql, params, *ignored_wrapper_args)
     98     warnings.warn(self.APPS_NOT_READY_WARNING_MSG, category=RuntimeWarning)
     99 self.db.validate_no_broken_transaction()
--> 100 with self.db.wrap_database_errors:
    101     if params is None:
    102         # params default might be backend specific.
    103         return self.cursor.execute(sql)

File /opt/conda/lib/python3.11/site-packages/django/db/utils.py:91, in DatabaseErrorWrapper.__exit__(self, exc_type, exc_value, traceback)
     89 if dj_exc_type not in (DataError, IntegrityError):
     90     self.wrapper.errors_occurred = True
---> 91 raise dj_exc_value.with_traceback(traceback) from exc_value

File /opt/conda/lib/python3.11/site-packages/django/db/backends/utils.py:105, in CursorWrapper._execute(self, sql, params, *ignored_wrapper_args)
    103     return self.cursor.execute(sql)
    104 else:
--> 105     return self.cursor.execute(sql, params)

DataError: invalid regular expression: brackets [] not balanced
@Koncopd Koncopd self-assigned this Dec 5, 2024

Koncopd commented Dec 6, 2024

Fixed in #2261. Note for reviewers: the robust fix is to escape the search term (e.g. `re.escape()`) before building the regex lookup, or to use a non-regex lookup such as `__icontains` — merely catching the `DataError` would still let metacharacters such as `.*` or `|` in user input alter what the search matches.

@Koncopd Koncopd closed this as completed Dec 6, 2024