From bd9d4b3d0d15fc1ff77dd75fb4793d33bc9f61d2 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Wed, 3 Jun 2020 23:59:59 -0700
Subject: [PATCH] fix: backslash in search query not escaped

---
 server/models/Document.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/server/models/Document.js b/server/models/Document.js
index 42939580..256dcbad 100644
--- a/server/models/Document.js
+++ b/server/models/Document.js
@@ -254,6 +254,12 @@ type SearchOptions = {
   includeDrafts?: boolean,
 };
 
+function escape(query: string): string {
+  // replace "\" with escaped "\\" because sequelize.escape doesn't do it
+  // https://github.com/sequelize/sequelize/issues/2950
+  return sequelize.escape(query).replace('\\', '\\\\');
+}
+
 Document.searchForTeam = async (
   team,
   query,
@@ -261,7 +267,7 @@ Document.searchForTeam = async (
 ): Promise<SearchResult[]> => {
   const limit = options.limit || 15;
   const offset = options.offset || 0;
-  const wildcardQuery = `${sequelize.escape(query)}:*`;
+  const wildcardQuery = `${escape(query)}:*`;
   const collectionIds = await team.collectionIds();
 
   // If the team has access no public collections then shortcircuit the rest of this
@@ -327,7 +333,7 @@ Document.searchForUser = async (
 ): Promise<SearchResult[]> => {
   const limit = options.limit || 15;
   const offset = options.offset || 0;
-  const wildcardQuery = `${sequelize.escape(query)}:*`;
+  const wildcardQuery = `${escape(query)}:*`;
 
   // Ensure we're filtering by the users accessible collections. If
   // collectionId is passed as an option it is assumed that the authorization