mirror of
https://github.com/discourse/discourse.git
synced 2025-01-18 14:42:46 +08:00
FIX: Single quotes in search terms would raise an error.
This commit is contained in:
parent
3708d47c87
commit
1c3c468675
|
@ -177,8 +177,8 @@ class Search
|
|||
|
||||
def ts_query
|
||||
@ts_query ||= begin
|
||||
escaped_term = PG::Connection.escape_string(@term.gsub(/[:()&!]/,''))
|
||||
query = Post.sanitize(escaped_term.split.map {|t| "#{t}:*"}.join(" & "))
|
||||
all_terms = @term.gsub(/[:()&!'"]/,'').split
|
||||
query = Post.sanitize(all_terms.map {|t| "#{PG::Connection.escape_string(t)}:*"}.join(" & "))
|
||||
"TO_TSQUERY(#{query_locale}, #{query})"
|
||||
end
|
||||
end
|
||||
|
|
|
@ -92,6 +92,10 @@ describe Search do
|
|||
Search.new('foo :!$);}]>@\#\"\'').execute.should be_blank # There are at least three levels of sanitation for Search.query!
|
||||
end
|
||||
|
||||
it "doesn't raise an error when single quotes are present" do
|
||||
Search.new("'hello' world").execute.should be_blank # There are at least three levels of sanitation for Search.query!
|
||||
end
|
||||
|
||||
it 'works when given two terms with spaces' do
|
||||
lambda { Search.new('evil trout').execute }.should_not raise_error
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue
Block a user