From 684b05f510f2df1901cee7bd63b0c44aaf972d16 Mon Sep 17 00:00:00 2001
From: Guo Xiang Tan <tgx_world@hotmail.com>
Date: Wed, 7 Jun 2017 15:23:48 +0900
Subject: [PATCH] FIX: Strip zero-width characters from search terms.

---
 .../discourse/controllers/full-page-search.js.es6    |  5 +++++
 app/assets/javascripts/discourse/lib/search.js.es6   |  4 ++--
 .../javascripts/discourse/widgets/search-menu.js.es6 |  5 +++++
 app/serializers/grouped_search_result_serializer.rb  |  2 +-
 lib/search.rb                                        |  4 +++-
 spec/components/search_spec.rb                       | 12 ++++++++++++
 test/javascripts/fixtures/search-fixtures.js.es6     |  1 +
 7 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/app/assets/javascripts/discourse/controllers/full-page-search.js.es6 b/app/assets/javascripts/discourse/controllers/full-page-search.js.es6
index a6751b639ea..8f9a0edce08 100644
--- a/app/assets/javascripts/discourse/controllers/full-page-search.js.es6
+++ b/app/assets/javascripts/discourse/controllers/full-page-search.js.es6
@@ -186,6 +186,11 @@ export default Ember.Controller.extend({
 
     ajax("/search", { data: args }).then(results => {
       const model = translateResults(results) || {};
+
+      if (results.grouped_search_result) {
+        this.set('q', results.grouped_search_result.term);
+      }
+
       setTransient('lastSearch', { searchKey, model }, 5);
       this.set("model", model);
     }).finally(() => this.set("searching", false));
diff --git a/app/assets/javascripts/discourse/lib/search.js.es6 b/app/assets/javascripts/discourse/lib/search.js.es6
index 30ab32629f9..06c73ebf564 100644
--- a/app/assets/javascripts/discourse/lib/search.js.es6
+++ b/app/assets/javascripts/discourse/lib/search.js.es6
@@ -94,9 +94,9 @@ export function searchForTerm(term, opts) {
     };
   }
 
-  var promise = ajax('/search/query', { data: data });
+  let promise = ajax('/search/query', { data: data });
 
-  promise.then(function(results){
+  promise.then(results => {
     return translateResults(results, opts);
   });
 
diff --git a/app/assets/javascripts/discourse/widgets/search-menu.js.es6 b/app/assets/javascripts/discourse/widgets/search-menu.js.es6
index 9f462a12055..ba68383e59d 100644
--- a/app/assets/javascripts/discourse/widgets/search-menu.js.es6
+++ b/app/assets/javascripts/discourse/widgets/search-menu.js.es6
@@ -54,6 +54,11 @@ const SearchHelper = {
       this._activeSearch = searchForTerm(term, { typeFilter, searchContext, fullSearchUrl });
       this._activeSearch.then(content => {
         searchData.noResults = content.resultTypes.length === 0;
+
+        if (content.grouped_search_result) {
+          searchData.term = content.grouped_search_result.term;
+        }
+
         searchData.results = content;
       }).finally(() => {
         searchData.loading = false;
diff --git a/app/serializers/grouped_search_result_serializer.rb b/app/serializers/grouped_search_result_serializer.rb
index ff216c8a232..d50cdd565d0 100644
--- a/app/serializers/grouped_search_result_serializer.rb
+++ b/app/serializers/grouped_search_result_serializer.rb
@@ -2,5 +2,5 @@ class GroupedSearchResultSerializer < ApplicationSerializer
   has_many :posts, serializer: SearchPostSerializer
   has_many :users, serializer: SearchResultUserSerializer
   has_many :categories, serializer: BasicCategorySerializer
-  attributes :more_posts, :more_users, :more_categories
+  attributes :more_posts, :more_users, :more_categories, :term
 end
diff --git a/lib/search.rb b/lib/search.rb
index 543149b18e2..5df9de3ce97 100644
--- a/lib/search.rb
+++ b/lib/search.rb
@@ -161,10 +161,12 @@ class Search
     @limit = Search.per_facet
     @valid = true
 
+    # Removes any zero-width characters from search terms
+    term.to_s.gsub!(/[\u200B-\u200D\uFEFF]/, '')
     term = process_advanced_search!(term)
 
     if term.present?
-      @term = Search.prepare_data(term.to_s)
+      @term = Search.prepare_data(term)
       @original_term = PG::Connection.escape_string(@term)
     end
 
diff --git a/spec/components/search_spec.rb b/spec/components/search_spec.rb
index d215c8835c3..ef88b3e4a99 100644
--- a/spec/components/search_spec.rb
+++ b/spec/components/search_spec.rb
@@ -60,6 +60,18 @@ describe Search do
 
   end
 
+  it 'strips zero-width characters from search terms' do
+    term = "\u0063\u0061\u0070\u0079\u200b\u200c\u200d\ufeff\u0062\u0061\u0072\u0061".encode("UTF-8")
+
+    expect(term == 'capybara').to eq(false)
+
+    search =  Search.new(term)
+    search.execute
+
+    expect(search.valid?).to eq(true)
+    expect(search.term).to eq('capybara')
+  end
+
   it 'does not search when the search term is too small' do
     search = Search.new('evil', min_search_term_length: 5)
     search.execute
diff --git a/test/javascripts/fixtures/search-fixtures.js.es6 b/test/javascripts/fixtures/search-fixtures.js.es6
index f979f3d78bb..a0b8e22bdaa 100644
--- a/test/javascripts/fixtures/search-fixtures.js.es6
+++ b/test/javascripts/fixtures/search-fixtures.js.es6
@@ -1413,6 +1413,7 @@ export default {
       }
     ],
     "grouped_search_result": {
+      "term": "dev",
       "more_posts": true,
       "more_users": true,
       "more_categories": null,