Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4595 from techAPJ/security 

SECURITY: escape advanced search term
This commit is contained in:
Arpit Jalan 2016-12-08 15:16:48 +05:30 committed by GitHub
parent b4cafc5e78 42b14b0d11
commit 1b76e82600
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/assets/javascripts/discourse/components/search-advanced-options.js.es6
View File

@ -1,4 +1,5 @@
import { observes } from 'ember-addons/ember-computed-decorators'; import { observes } from 'ember-addons/ember-computed-decorators';
import { escapeExpression } from 'discourse/lib/utilities';
const REGEXP_BLOCKS = /(([^" \t\n\x0B\f\r]+)?(("[^"]+")?))/g; const REGEXP_BLOCKS = /(([^" \t\n\x0B\f\r]+)?(("[^"]+")?))/g;
@ -103,7 +104,7 @@ export default Em.Component.extend({
}, },
findSearchTerms() { findSearchTerms() {
const searchTerm = this.get('searchTerm'); const searchTerm = escapeExpression(this.get('searchTerm'));
if (!searchTerm) if (!searchTerm)
return []; return [];