FIX: Strip zero-width characters from search terms.

2017-06-07 15:23:48 +09:00 · 2017-06-07 15:23:48 +09:00 · 684b05f510
parent 0f214ed43f
commit 684b05f510
7 changed files with 29 additions and 4 deletions
--- a/app/assets/javascripts/discourse/controllers/full-page-search.js.es6
+++ b/app/assets/javascripts/discourse/controllers/full-page-search.js.es6
@ -186,6 +186,11 @@ export default Ember.Controller.extend({

    ajax("/search", { data: args }).then(results => {
      const model = translateResults(results) || {};
+
+      if (results.grouped_search_result) {
+        this.set('q', results.grouped_search_result.term);
+      }
+
      setTransient('lastSearch', { searchKey, model }, 5);
      this.set("model", model);
    }).finally(() => this.set("searching", false));
--- a/app/assets/javascripts/discourse/lib/search.js.es6
+++ b/app/assets/javascripts/discourse/lib/search.js.es6
@ -94,9 +94,9 @@ export function searchForTerm(term, opts) {
    };
  }

-  var promise = ajax('/search/query', { data: data });
+  let promise = ajax('/search/query', { data: data });

-  promise.then(function(results){
+  promise.then(results => {
    return translateResults(results, opts);
  });

--- a/app/assets/javascripts/discourse/widgets/search-menu.js.es6
+++ b/app/assets/javascripts/discourse/widgets/search-menu.js.es6
@ -54,6 +54,11 @@ const SearchHelper = {
      this._activeSearch = searchForTerm(term, { typeFilter, searchContext, fullSearchUrl });
      this._activeSearch.then(content => {
        searchData.noResults = content.resultTypes.length === 0;
+
+        if (content.grouped_search_result) {
+          searchData.term = content.grouped_search_result.term;
+        }
+
        searchData.results = content;
      }).finally(() => {
        searchData.loading = false;
--- a/app/serializers/grouped_search_result_serializer.rb
+++ b/app/serializers/grouped_search_result_serializer.rb
@ -2,5 +2,5 @@ class GroupedSearchResultSerializer < ApplicationSerializer
  has_many :posts, serializer: SearchPostSerializer
  has_many :users, serializer: SearchResultUserSerializer
  has_many :categories, serializer: BasicCategorySerializer
-  attributes :more_posts, :more_users, :more_categories
+  attributes :more_posts, :more_users, :more_categories, :term
 end
--- a/lib/search.rb
+++ b/lib/search.rb
@ -161,10 +161,12 @@ class Search
    @limit = Search.per_facet
    @valid = true

+    # Removes any zero-width characters from search terms
+    term.to_s.gsub!(/[\u200B-\u200D\uFEFF]/, '')
    term = process_advanced_search!(term)

    if term.present?
-      @term = Search.prepare_data(term.to_s)
+      @term = Search.prepare_data(term)
      @original_term = PG::Connection.escape_string(@term)
    end

--- a/spec/components/search_spec.rb
+++ b/spec/components/search_spec.rb
@ -60,6 +60,18 @@ describe Search do

  end

+  it 'strips zero-width characters from search terms' do
+    term = "\u0063\u0061\u0070\u0079\u200b\u200c\u200d\ufeff\u0062\u0061\u0072\u0061".encode("UTF-8")
+
+    expect(term == 'capybara').to eq(false)
+
+    search =  Search.new(term)
+    search.execute
+
+    expect(search.valid?).to eq(true)
+    expect(search.term).to eq('capybara')
+  end
+
  it 'does not search when the search term is too small' do
    search = Search.new('evil', min_search_term_length: 5)
    search.execute
--- a/test/javascripts/fixtures/search-fixtures.js.es6
+++ b/test/javascripts/fixtures/search-fixtures.js.es6
@ -1413,6 +1413,7 @@ export default {
      }
    ],
    "grouped_search_result": {
+      "term": "dev",
      "more_posts": true,
      "more_users": true,
      "more_categories": null,