fix: backslash in search query not escaped
This commit is contained in:
parent
4b4f4fd188
commit
bd9d4b3d0d
|
@ -254,6 +254,12 @@ type SearchOptions = {
|
|||
includeDrafts?: boolean,
|
||||
};
|
||||
|
||||
function escape(query: string): string {
|
||||
// replace "\" with escaped "\\" because sequelize.escape doesn't do it
|
||||
// https://github.com/sequelize/sequelize/issues/2950
|
||||
return sequelize.escape(query).replace('\\', '\\\\');
|
||||
}
|
||||
|
||||
Document.searchForTeam = async (
|
||||
team,
|
||||
query,
|
||||
|
@ -261,7 +267,7 @@ Document.searchForTeam = async (
|
|||
): Promise<SearchResult[]> => {
|
||||
const limit = options.limit || 15;
|
||||
const offset = options.offset || 0;
|
||||
const wildcardQuery = `${sequelize.escape(query)}:*`;
|
||||
const wildcardQuery = `${escape(query)}:*`;
|
||||
const collectionIds = await team.collectionIds();
|
||||
|
||||
// If the team has access no public collections then shortcircuit the rest of this
|
||||
|
@ -327,7 +333,7 @@ Document.searchForUser = async (
|
|||
): Promise<SearchResult[]> => {
|
||||
const limit = options.limit || 15;
|
||||
const offset = options.offset || 0;
|
||||
const wildcardQuery = `${sequelize.escape(query)}:*`;
|
||||
const wildcardQuery = `${escape(query)}:*`;
|
||||
|
||||
// Ensure we're filtering by the users accessible collections. If
|
||||
// collectionId is passed as an option it is assumed that the authorization
|
||||
|
|
Reference in New Issue