codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2025-04-29 07:24:09 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

FIX: Single quotes in search terms would raise an error.

Browse source
This commit is contained in:
Robin Ward 2013-08-26 16:25:02 -04:00
parent 3708d47c87
commit 1c3c468675
2 changed files with 6 additions and 2 deletions
lib
search.rb
spec/components
search_spec.rb

4
lib/search.rb
View file

@ -177,8 +177,8 @@ class Search
def ts_query def ts_query
@ts_query ||= begin @ts_query ||= begin
escaped_term = PG::Connection.escape_string(@term.gsub(/[:()&!]/,'')) all_terms = @term.gsub(/[:()&!'"]/,'').split
query = Post.sanitize(escaped_term.split.map {|t| "#{t}:*"}.join(" & ")) query = Post.sanitize(all_terms.map {|t| "#{PG::Connection.escape_string(t)}:*"}.join(" & "))
"TO_TSQUERY(#{query_locale}, #{query})" "TO_TSQUERY(#{query_locale}, #{query})"
end end
end end

4
spec/components/search_spec.rb
View file

@ -92,6 +92,10 @@ describe Search do
Search.new('foo :!$);}]>@\#\"\'').execute.should be_blank # There are at least three levels of sanitation for Search.query! Search.new('foo :!$);}]>@\#\"\'').execute.should be_blank # There are at least three levels of sanitation for Search.query!
end end
it "doesn't raise an error when single quotes are present" do
Search.new("'hello' world").execute.should be_blank # There are at least three levels of sanitation for Search.query!
end
it 'works when given two terms with spaces' do it 'works when given two terms with spaces' do
lambda { Search.new('evil trout').execute }.should_not raise_error lambda { Search.new('evil trout').execute }.should_not raise_error
end end