Fixed issue with searching invalid chars and page-content compiliation
Showing
6 changed files
with
22 additions
and
10 deletions
| ... | @@ -115,12 +115,12 @@ abstract class Entity extends Model | ... | @@ -115,12 +115,12 @@ abstract class Entity extends Model |
| 115 | { | 115 | { |
| 116 | $termString = ''; | 116 | $termString = ''; |
| 117 | foreach ($terms as $term) { | 117 | foreach ($terms as $term) { |
| 118 | - $termString .= $term . '* '; | 118 | + $termString .= htmlentities($term) . '* '; |
| 119 | } | 119 | } |
| 120 | $fields = implode(',', $fieldsToSearch); | 120 | $fields = implode(',', $fieldsToSearch); |
| 121 | $termStringEscaped = \DB::connection()->getPdo()->quote($termString); | 121 | $termStringEscaped = \DB::connection()->getPdo()->quote($termString); |
| 122 | $search = static::addSelect(\DB::raw('*, MATCH(name) AGAINST('.$termStringEscaped.' IN BOOLEAN MODE) AS title_relevance')); | 122 | $search = static::addSelect(\DB::raw('*, MATCH(name) AGAINST('.$termStringEscaped.' IN BOOLEAN MODE) AS title_relevance')); |
| 123 | - $search = $search->whereRaw('MATCH(' . $fields . ') AGAINST(? IN BOOLEAN MODE)', [$termString]); | 123 | + $search = $search->whereRaw('MATCH(' . $fields . ') AGAINST(? IN BOOLEAN MODE)', [$termStringEscaped]); |
| 124 | 124 | ||
| 125 | // Add additional where terms | 125 | // Add additional where terms |
| 126 | foreach ($wheres as $whereTerm) { | 126 | foreach ($wheres as $whereTerm) { | ... | ... |
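Review bot: On new line 123 the value bound to `?` is `$termStringEscaped`, which is already the output of `PDO::quote()`, so the driver escapes it a second time and the surrounding quote characters (plus any backslashes `quote()` added) become part of the boolean-mode expression. The placeholder should receive the unquoted string, `->whereRaw('MATCH(' . $fields . ') AGAINST(? IN BOOLEAN MODE)', [$termString])`, keeping `quote()` only for the value concatenated into `\DB::raw()` on line 122. `htmlentities()` on line 118 leaves `+`, `-`, `(`, `)`, `~`, `*` and `@` untouched, so a term containing them still reaches MySQL as boolean-mode syntax and may be rejected; stripping those characters from each term before appending `'* '` would cover that case. `$fields` is concatenated into the SQL text, so it needs to stay restricted to fixed column names, as in the callers shown on this page. The method starts above this hunk and continues below it.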
| ... | @@ -222,9 +222,9 @@ class BookRepo | ... | @@ -222,9 +222,9 @@ class BookRepo |
| 222 | */ | 222 | */ |
| 223 | public function getBySearch($term) | 223 | public function getBySearch($term) |
| 224 | { | 224 | { |
| 225 | - $terms = explode(' ', preg_quote(trim($term))); | 225 | + $terms = explode(' ', $term); |
| 226 | $books = $this->book->fullTextSearch(['name', 'description'], $terms); | 226 | $books = $this->book->fullTextSearch(['name', 'description'], $terms); |
| 227 | - $words = join('|', $terms); | 227 | + $words = join('|', explode(' ', preg_quote(trim($term), '/'))); |
| 228 | foreach ($books as $book) { | 228 | foreach ($books as $book) { |
| 229 | //highlight | 229 | //highlight |
| 230 | $result = preg_replace('#' . $words . '#iu', "<span class=\"highlight\">\$0</span>", $book->getExcerpt(100)); | 230 | $result = preg_replace('#' . $words . '#iu', "<span class=\"highlight\">\$0</span>", $book->getExcerpt(100)); | ... | ... |
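Review bot: On new line 227 `preg_quote()` is given `'/'` as the delimiter, but the pattern on line 230 is delimited with `#`, and `preg_quote()` only escapes `#` from PHP 7.3 on, so on an older runtime a search term containing `#` ends the pattern early and `preg_replace()` returns null with a warning. Pass the delimiter that is actually used: `$words = join('|', explode(' ', preg_quote(trim($term), '#')));`. Line 225 also no longer trims `$term`, so leading, trailing or doubled spaces hand empty strings to `fullTextSearch()`, and a doubled space leaves an empty alternative in `$words` that matches at every position; splitting once with `preg_split('/\s+/', trim($term), -1, PREG_SPLIT_NO_EMPTY)` and building both lists from that result would avoid it. The same two lines are added in `ChapterRepo::getBySearch` and `PageRepo::getBySearch`; the Chapter pattern is also `#`-delimited, while the Page pattern lies outside its hunk and should be checked. The highlight loop continues below this hunk.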
| ... | @@ -129,9 +129,9 @@ class ChapterRepo | ... | @@ -129,9 +129,9 @@ class ChapterRepo |
| 129 | */ | 129 | */ |
| 130 | public function getBySearch($term, $whereTerms = []) | 130 | public function getBySearch($term, $whereTerms = []) |
| 131 | { | 131 | { |
| 132 | - $terms = explode(' ', preg_quote(trim($term))); | 132 | + $terms = explode(' ', $term); |
| 133 | $chapters = $this->chapter->fullTextSearch(['name', 'description'], $terms, $whereTerms); | 133 | $chapters = $this->chapter->fullTextSearch(['name', 'description'], $terms, $whereTerms); |
| 134 | - $words = join('|', $terms); | 134 | + $words = join('|', explode(' ', preg_quote(trim($term), '/'))); |
| 135 | foreach ($chapters as $chapter) { | 135 | foreach ($chapters as $chapter) { |
| 136 | //highlight | 136 | //highlight |
| 137 | $result = preg_replace('#' . $words . '#iu', "<span class=\"highlight\">\$0</span>", $chapter->getExcerpt(100)); | 137 | $result = preg_replace('#' . $words . '#iu', "<span class=\"highlight\">\$0</span>", $chapter->getExcerpt(100)); | ... | ... |
| ... | @@ -177,11 +177,11 @@ class PageRepo | ... | @@ -177,11 +177,11 @@ class PageRepo |
| 177 | */ | 177 | */ |
| 178 | public function getBySearch($term, $whereTerms = []) | 178 | public function getBySearch($term, $whereTerms = []) |
| 179 | { | 179 | { |
| 180 | - $terms = explode(' ', preg_quote(trim($term))); | 180 | + $terms = explode(' ', $term); |
| 181 | $pages = $this->page->fullTextSearch(['name', 'text'], $terms, $whereTerms); | 181 | $pages = $this->page->fullTextSearch(['name', 'text'], $terms, $whereTerms); |
| 182 | 182 | ||
| 183 | // Add highlights to page text. | 183 | // Add highlights to page text. |
| 184 | - $words = join('|', $terms); | 184 | + $words = join('|', explode(' ', preg_quote(trim($term), '/'))); |
| 185 | //lookahead/behind assertions ensures cut between words | 185 | //lookahead/behind assertions ensures cut between words |
| 186 | $s = '\s\x00-/:-@\[-`{-~'; //character set for start/end of words | 186 | $s = '\s\x00-/:-@\[-`{-~'; //character set for start/end of words |
| 187 | 187 | ... | ... |
| 1 | -<h1 id="bkmrk-page-title">{{$page->name}}</h1> | 1 | +<div v-pre> |
| 2 | + <h1 id="bkmrk-page-title">{{$page->name}}</h1> | ||
| 2 | 3 | ||
| 3 | -{!! $page->html !!} | ||
| ... | \ No newline at end of file | ... | \ No newline at end of file |
| 4 | + {!! $page->html !!} | ||
| 5 | +</div> | ||
| ... | \ No newline at end of file | ... | \ No newline at end of file | ... | ... |
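Review bot: The `v-pre` wrapper added on new line 1 carries no comment explaining why it is there, and it only protects markup that stays inside the `<div>`. Because `{!! $page->html !!}` is emitted unescaped, stored HTML with an unbalanced closing `</div>` would end the wrapper early and the remainder would presumably be compiled by Vue again, so the guarantee depends on the HTML being balanced and sanitised when it is saved, which this commit does not show. I would add a Blade comment above the wrapper: `{{-- v-pre: stop Vue compiling user-authored page content; assumes $page->html is balanced, sanitised HTML --}}`.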
| ... | @@ -170,6 +170,16 @@ class EntityTest extends TestCase | ... | @@ -170,6 +170,16 @@ class EntityTest extends TestCase |
| 170 | ->seePageIs($page->getUrl()); | 170 | ->seePageIs($page->getUrl()); |
| 171 | } | 171 | } |
| 172 | 172 | ||
| 173 | + public function testInvalidPageSearch() | ||
| 174 | + { | ||
| 175 | + $this->asAdmin() | ||
| 176 | + ->visit('/') | ||
| 177 | + ->type('<p>test</p>', 'term') | ||
| 178 | + ->press('header-search-box-button') | ||
| 179 | + ->see('Search Results') | ||
| 180 | + ->seeStatusCode(200); | ||
| 181 | + } | ||
| 182 | + | ||
| 173 | 183 | ||
| 174 | public function testEntitiesViewableAfterCreatorDeletion() | 184 | public function testEntitiesViewableAfterCreatorDeletion() |
| 175 | { | 185 | { | ... | ... |
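Review bot: `testInvalidPageSearch` (new lines 173-181) asserts only that the results page renders for `<p>test</p>`, which leaves the other inputs this commit's search code is sensitive to untested. A second case with the highlight pattern's delimiter, boolean-mode operators and a doubled space, for example `->type('test#1  (draft) +x', 'term')`, would pin the `preg_quote()` and `fullTextSearch()` paths as well. The method also has no docblock and its name says "Page" although it drives the header search box; a comment such as `// Search terms containing markup or operator characters must not produce a server error.` would state the intent.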