DEV: Use safer SQL function for string queries when searching groups (#26851)

... so that pattern characters in 'term' aren't interpreted as wildcards by ILIKE.
Daniel Waterworth 2024-05-02 13:41:49 -05:00 committed by GitHub
parent f28742e597
commit d937f5b098
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 1 deletions


@ -638,7 +638,10 @@ class GroupsController < ApplicationController
if (term = params[:term]).present?
groups =
groups.where("groups.name ILIKE :term OR groups.full_name ILIKE :term", term: "%#{term}%")
groups.where(
"position(LOWER(:term) IN LOWER(groups.name)) <> 0 OR position(LOWER(:term) IN LOWER(groups.full_name)) <> 0",
term: term,
)
end
groups = groups.where(automatic: false) if params[:ignore_automatic].to_s == "true"