From 445f939822df06e89b136b6be00c1cde05582d33 Mon Sep 17 00:00:00 2001
From: Dan Brown
Date: Tue, 29 Dec 2015 15:37:13 +0000
Subject: [PATCH] Fixed issue with searching invalid chars and page-content compiliation
---
 app/Entity.php | 4 ++--
 app/Repos/BookRepo.php | 4 ++--
 app/Repos/ChapterRepo.php | 4 ++--
 app/Repos/PageRepo.php | 4 ++--
 resources/views/pages/page-display.blade.php | 6 ++++--
 tests/EntityTest.php | 10 ++++++++++
 6 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/app/Entity.php b/app/Entity.php
index 5ccc016a3..3d1c4ad58 100644
--- a/app/Entity.php
+++ b/app/Entity.php
@@ -115,12 +115,12 @@ abstract class Entity extends Model
 {
 $termString = '';
 foreach ($terms as $term) {
- $termString .= $term . '* ';
+ $termString .= htmlentities($term) . '* ';
 }
 $fields = implode(',', $fieldsToSearch);
 $termStringEscaped = \DB::connection()->getPdo()->quote($termString);
 $search = static::addSelect(\DB::raw('*, MATCH(name) AGAINST('.$termStringEscaped.' IN BOOLEAN MODE) AS title_relevance'));
- $search = $search->whereRaw('MATCH(' . $fields . ') AGAINST(? IN BOOLEAN MODE)', [$termString]);
+ $search = $search->whereRaw('MATCH(' . $fields . ') AGAINST(? IN BOOLEAN MODE)', [$termStringEscaped]);
 // Add additional where terms
 foreach ($wheres as $whereTerm) {
diff --git a/app/Repos/BookRepo.php b/app/Repos/BookRepo.php
index 031e3b44c..a57050ce2 100644
--- a/app/Repos/BookRepo.php
+++ b/app/Repos/BookRepo.php
@@ -222,9 +222,9 @@ class BookRepo
 */
 public function getBySearch($term)
 {
- $terms = explode(' ', preg_quote(trim($term)));
+ $terms = explode(' ', $term);
 $books = $this->book->fullTextSearch(['name', 'description'], $terms);
- $words = join('|', $terms);
+ $words = join('|', explode(' ', preg_quote(trim($term), '/')));
 foreach ($books as $book) {
 //highlight
 $result = preg_replace('#' . $words . '#iu', "\$0", $book->getExcerpt(100));
diff --git a/app/Repos/ChapterRepo.php b/app/Repos/ChapterRepo.php
index 1e4996a40..3824e6982 100644
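Review bot: In the app/Entity.php hunk the `whereRaw` call now binds `$termStringEscaped` to the `?` placeholder, so a value that `PDO::quote()` has already wrapped in quotes and backslash-escaped is escaped again by the binding, and those quote and backslash characters become part of the full-text expression. The placeholder is the safe path and should receive the raw string: `$search = $search->whereRaw('MATCH(' . $fields . ') AGAINST(? IN BOOLEAN MODE)', [$termString]);`. The `addSelect(\DB::raw(...))` line above it would likewise be more robust with a bound value than with the quoted string concatenated into the SQL. `htmlentities()` is an HTML output encoding rather than a filter for BOOLEAN MODE syntax: it rewrites `<`, `>` and `"` but leaves the other boolean-mode operators untouched and turns accented letters into entity names, which changes what is searched for, so stripping each term down to an allowed character set fits better here. The enclosing method starts and ends outside the hunk.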
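Review bot: In the app/Repos/BookRepo.php hunk, `preg_quote(trim($term), '/')` escapes `/` as the delimiter, but the `preg_replace` line delimits its pattern with `#`; PHP only added `#` to preg_quote's default set in 7.3, so on older runtimes a `#` in the search term ends the pattern early and the rest of the term is parsed as pattern modifiers. Pass the delimiter that is actually used: `$words = join('|', explode(' ', preg_quote(trim($term), '#')));`. The same call is added in the ChapterRepo hunk, which shows the same `#...#iu` pattern, and in the PageRepo hunk, where the delimiter lies outside the visible lines and should be checked. Splitting on a single space also produces empty alternatives when the term contains repeated spaces, which `preg_split('/\s+/', ..., -1, PREG_SPLIT_NO_EMPTY)` would avoid. getBySearch continues past the end of each of these hunks.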
--- a/app/Repos/ChapterRepo.php
+++ b/app/Repos/ChapterRepo.php
@@ -129,9 +129,9 @@ class ChapterRepo
 */
 public function getBySearch($term, $whereTerms = [])
 {
- $terms = explode(' ', preg_quote(trim($term)));
+ $terms = explode(' ', $term);
 $chapters = $this->chapter->fullTextSearch(['name', 'description'], $terms, $whereTerms);
- $words = join('|', $terms);
+ $words = join('|', explode(' ', preg_quote(trim($term), '/')));
 foreach ($chapters as $chapter) {
 //highlight
 $result = preg_replace('#' . $words . '#iu', "\$0", $chapter->getExcerpt(100));
diff --git a/app/Repos/PageRepo.php b/app/Repos/PageRepo.php
index e049ae57b..05052432e 100644
--- a/app/Repos/PageRepo.php
+++ b/app/Repos/PageRepo.php
@@ -177,11 +177,11 @@ class PageRepo
 */
 public function getBySearch($term, $whereTerms = [])
 {
- $terms = explode(' ', preg_quote(trim($term)));
+ $terms = explode(' ', $term);
 $pages = $this->page->fullTextSearch(['name', 'text'], $terms, $whereTerms);
 // Add highlights to page text.
- $words = join('|', $terms);
+ $words = join('|', explode(' ', preg_quote(trim($term), '/')));
 //lookahead/behind assertions ensures cut between words
 $s = '\s\x00-/:-@\[-`{-~'; //character set for start/end of words
diff --git a/resources/views/pages/page-display.blade.php b/resources/views/pages/page-display.blade.php
index 8d3625db8..13db89d26 100644
--- a/resources/views/pages/page-display.blade.php
+++ b/resources/views/pages/page-display.blade.php
@@ -1,3 +1,5 @@
-

{{$page->name}}

+
+

{{$page->name}}

-{!! $page->html !!} \ No newline at end of file + {!! $page->html !!} +
\ No newline at end of file diff --git a/tests/EntityTest.php b/tests/EntityTest.php index 07553e7dc..b883e8543 100644 --- a/tests/EntityTest.php +++ b/tests/EntityTest.php @@ -170,6 +170,16 @@ class EntityTest extends TestCase ->seePageIs($page->getUrl()); } + public function testInvalidPageSearch() + { + $this->asAdmin() + ->visit('/') + ->type('

test

', 'term') + ->press('header-search-box-button') + ->see('Search Results') + ->seeStatusCode(200); + } + public function testEntitiesViewableAfterCreatorDeletion() {