Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: Single quotes in search terms would raise an error.

This commit is contained in:
Robin Ward 2013-08-26 16:25:02 -04:00
parent 3708d47c87
commit 1c3c468675
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/search.rb
View File

@ -177,8 +177,8 @@ class Search
def ts_query
@ts_query ||= begin
escaped_term = PG::Connection.escape_string(@term.gsub(/[:()&!]/,''))
query = Post.sanitize(escaped_term.split.map {|t| "#{t}:*"}.join(" & "))
all_terms = @term.gsub(/[:()&!'"]/,'').split
query = Post.sanitize(all_terms.map {|t| "#{PG::Connection.escape_string(t)}:*"}.join(" & "))
"TO_TSQUERY(#{query_locale}, #{query})"
end
end

4
spec/components/search_spec.rb
View File

@ -92,6 +92,10 @@ describe Search do
Search.new('foo :!$);}]>@\#\"\'').execute.should be_blank # There are at least three levels of sanitation for Search.query!
end
it "doesn't raise an error when single quotes are present" do
Search.new("'hello' world").execute.should be_blank # There are at least three levels of sanitation for Search.query!
end
it 'works when given two terms with spaces' do
lambda { Search.new('evil trout').execute }.should_not raise_error
end