FIX: Replace all quote-like unicodes with quotes (#19714)
If unaccent is called with quote-like Unicode characters then it can generate invalid queries because some of the transformed quotes by unaccent are not escaped and to_tsquery fails because of bad input. This commits replaces more quote-like Unicode characters before unaccent is called.
This commit is contained in:
parent
ba3a6da5db
commit
fb780c50fd
|
@ -1230,9 +1230,11 @@ class Search
|
|||
end
|
||||
|
||||
def self.escape_string(term)
|
||||
# HACK: The ’ has to be "unaccented" before it is escaped or the resulting
|
||||
# tsqueries will be invalid
|
||||
term = term.gsub("\u{2019}", "'") if SiteSetting.search_ignore_accents
|
||||
# HACK: The ’ and other similar characters have to be "unaccented" before
|
||||
# it is escaped or the resulting tsqueries will be invalid
|
||||
if SiteSetting.search_ignore_accents
|
||||
term = term.gsub(/[\u02b9\u02bb\u02bc\u02bd\u02c8\u2018\u2019\u201b\u2032\uff07]/, "'")
|
||||
end
|
||||
|
||||
PG::Connection.escape_string(term).gsub('\\', '\\\\\\')
|
||||
end
|
||||
|
|
|
@ -645,6 +645,12 @@ RSpec.describe Topic do
|
|||
expect(Topic.similar_to("怎么上自己的", "")).to eq([])
|
||||
end
|
||||
|
||||
it "does not result in invalid statement when title contains unicode characters" do
|
||||
SiteSetting.search_ignore_accents = true
|
||||
|
||||
expect(Topic.similar_to("'bad quotes'", "'bad quotes'")).to eq([])
|
||||
end
|
||||
|
||||
context "with a similar topic" do
|
||||
fab!(:post) do
|
||||
SearchIndexer.enable
|
||||
|
|
Loading…
Reference in New Issue