FIX: Prevent tricking the search from ignoring minimum lengths

2016-08-09 14:48:39 -04:00 · 2016-08-09 14:48:39 -04:00 · 28436a604a
parent c1125c8649
commit 28436a604a
3 changed files with 47 additions and 10 deletions
--- a/app/assets/javascripts/discourse/lib/search.js.es6
+++ b/app/assets/javascripts/discourse/lib/search.js.es6
@ -70,7 +70,7 @@ export function translateResults(results, opts) {
  return noResults ? null : Em.Object.create(results);
 }

-function searchForTerm(term, opts) {
+export function searchForTerm(term, opts) {
  if (!opts) opts = {};

  // Only include the data we have
@ -94,7 +94,7 @@ function searchForTerm(term, opts) {
  return promise;
 }

-const searchContextDescription = function(type, name){
+export function searchContextDescription(type, name) {
  if (type) {
    switch(type) {
      case 'topic':
@ -109,17 +109,15 @@ const searchContextDescription = function(type, name){
  }
 };

-const getSearchKey = function(args){
+export function getSearchKey(args) {
  return args.q + "|" + ((args.searchContext && args.searchContext.type) || "") + "|" +
                      ((args.searchContext && args.searchContext.id) || "");
 };

-const isValidSearchTerm = function(searchTerm) {
+export function isValidSearchTerm(searchTerm) {
  if (searchTerm) {
    return searchTerm.trim().length >= Discourse.SiteSettings.min_search_term_length;
  } else {
    return false;
  }
 };
-
-export { searchForTerm, searchContextDescription, getSearchKey, isValidSearchTerm };
--- a/lib/search.rb
+++ b/lib/search.rb
@ -128,6 +128,8 @@ class Search
    end
  end

+  attr_accessor :term
+
  def initialize(term, opts=nil)
    @opts = opts || {}
    @guardian = @opts[:guardian] || Guardian.new
@ -135,6 +137,7 @@ class Search
    @include_blurbs = @opts[:include_blurbs] || false
    @blurb_length = @opts[:blurb_length]
    @limit = Search.per_facet
+    @valid = true

    term = process_advanced_search!(term)

@ -155,14 +158,27 @@ class Search
    @results = GroupedSearchResults.new(@opts[:type_filter], term, @search_context, @include_blurbs, @blurb_length)
  end

+  def valid?
+    @valid
+  end
+
  def self.execute(term, opts=nil)
    self.new(term, opts).execute
  end

  # Query a term
  def execute
-    if @term.blank? || @term.length < (@opts[:min_search_term_length] || SiteSetting.min_search_term_length)
-      return nil unless @filters.present?
+
+    unless @filters.present?
+      min_length = @opts[:min_search_term_length] || SiteSetting.min_search_term_length
+      terms = (@term || '').split(/\s(?=(?:[^"]|"[^"]*")*$)/).reject {|t| t.length < min_length }
+
+      if terms.blank?
+        @term = ''
+        @valid = false
+        return
+      end
+      @term = terms.join(' ')
    end

    # If the term is a number or url to a topic, just include that topic
--- a/spec/components/search_spec.rb
+++ b/spec/components/search_spec.rb
@ -61,8 +61,31 @@ describe Search do
  end

  it 'does not search when the search term is too small' do
-    ActiveRecord::Base.expects(:exec_sql).never
-    Search.execute('evil', min_search_term_length: 5)
+    search = Search.new('evil', min_search_term_length: 5)
+    search.execute
+    expect(search.valid?).to eq(false)
+    expect(search.term).to eq('')
+  end
+
+  it 'does not search for multiple small terms' do
+    search = Search.new('a b c d', min_search_term_length: 5)
+    search.execute
+    expect(search.valid?).to eq(false)
+    expect(search.term).to eq('')
+  end
+
+  it 'searches for quoted short terms' do
+    search = Search.new('"a b c d"', min_search_term_length: 5)
+    search.execute
+    expect(search.valid?).to eq(true)
+    expect(search.term).to eq('"a b c d"')
+  end
+
+  it 'discards short terms' do
+    search = Search.new('a b c okaylength', min_search_term_length: 5)
+    search.execute
+    expect(search.valid?).to eq(true)
+    expect(search.term).to eq('okaylength')
  end

  it 'escapes non alphanumeric characters' do