authorGravatar Vitaly Takmazov2023-01-11 17:09:47 +0300
committerGravatar Vitaly Takmazov2023-01-11 17:09:47 +0300
commitc620d66ae21f1eae6d056c1530ce91a7ef2285c5 (patch)
treeae394473074608bb5645107128efc5edc78dd5b9 /src/main/java/com/juick
parente71278631c775bf5e3d269ca8986ac7feae73451 (diff)
Do not double escape search string
Diffstat (limited to 'src/main/java/com/juick')
-rw-r--r--src/main/java/com/juick/service/SphinxSearchService.java9
-rw-r--r--src/main/java/com/juick/www/api/Messages.java4
-rw-r--r--src/main/java/com/juick/www/controllers/Site.java4
3 files changed, 9 insertions, 8 deletions
diff --git a/src/main/java/com/juick/service/SphinxSearchService.java b/src/main/java/com/juick/service/SphinxSearchService.java
index 06faafc5..3775d09f 100644
--- a/src/main/java/com/juick/service/SphinxSearchService.java
+++ b/src/main/java/com/juick/service/SphinxSearchService.java
@@ -18,6 +18,7 @@
package com.juick.service;
import com.juick.model.User;
+import com.juick.util.WebUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Repository;
@@ -58,7 +59,7 @@ public class SphinxSearchService extends BaseJdbcService implements SearchServic
Map<String, String> sphinxQuery = new HashMap<>();
sphinxQuery.put("limit", String.valueOf(maxResult));
sphinxQuery.put("mode", "any");
- sphinxQuery.put("sort", sortHint(searchString));
+ sphinxQuery.put("sort", sortHint(WebUtils.encodeSphinx(searchString)));
String usersFilter = userService.getUserBLUsers(visitor.getUid()).stream().map(u -> String.valueOf(u.getUid())).collect(Collectors.joining(","));
sphinxQuery.put("!filter", "user_id," + usersFilter);
if (page > 0) {
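Review bot: `WebUtils.encodeSphinx(searchString)` is now evaluated twice in this method, once here for `sortHint` and again in the `String.format` call in the next hunk, and the hunk at -79 repeats the pattern. Encoding once into a local, e.g. `String encoded = WebUtils.encodeSphinx(searchString);`, and using it in both places guarantees that the sort hint and the query text come from the same value. The method starts above this hunk and continues into the next one.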
@@ -66,7 +67,7 @@ public class SphinxSearchService extends BaseJdbcService implements SearchServic
}
return getJdbcTemplate().queryForList(
- String.format("SELECT id FROM search WHERE query = '%s;%s'", searchString,
+ String.format("SELECT id FROM search WHERE query = '%s;%s'", WebUtils.encodeSphinx(searchString),
sphinxQuery.entrySet().stream().map(Object::toString)
.collect(Collectors.joining(";"))), Integer.class);
}
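Review bot: The statement is still assembled with `String.format` inside a single-quoted SQL literal, so after this change the output of `WebUtils.encodeSphinx` is the only thing between request input and the SQL text. Its body is not shown here, and escaping for Sphinx query syntax does not necessarily cover `'` or `\`. Passing the assembled Sphinx string as a bind parameter removes that dependency: `return getJdbcTemplate().queryForList("SELECT id FROM search WHERE query = ?", Integer.class, query);`, with `query` built from the encoded search string and the joined options. The same applies to the `filter=user_id,%d` variant in the hunk at -79.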
@@ -79,12 +80,12 @@ public class SphinxSearchService extends BaseJdbcService implements SearchServic
Map<String, String> sphinxQuery = new HashMap<>();
sphinxQuery.put("limit", String.valueOf(maxResult));
sphinxQuery.put("mode", "any");
- sphinxQuery.put("sort", sortHint(searchString));
+ sphinxQuery.put("sort", sortHint(WebUtils.encodeSphinx(searchString)));
if (page > 0) {
sphinxQuery.put("offset", String.valueOf(page * maxResult));
}
return getJdbcTemplate().queryForList(
- String.format("SELECT id FROM search WHERE query = '%s;%s;filter=user_id,%d'", searchString,
+ String.format("SELECT id FROM search WHERE query = '%s;%s;filter=user_id,%d'", WebUtils.encodeSphinx(searchString),
sphinxQuery.entrySet().stream().map(Object::toString)
.collect(Collectors.joining(";")), userId), Integer.class);
}
diff --git a/src/main/java/com/juick/www/api/Messages.java b/src/main/java/com/juick/www/api/Messages.java
index c23976f4..e23356a4 100644
--- a/src/main/java/com/juick/www/api/Messages.java
+++ b/src/main/java/com/juick/www/api/Messages.java
@@ -104,7 +104,7 @@ public class Messages {
} else if (daysback > 0) {
mids = messagesService.getUserBlogAtDay(user.getUid(), 0, daysback);
} else if (StringUtils.hasText(search)) {
- mids = messagesService.getUserSearch(visitor, user.getUid(), WebUtils.encodeSphinx(search), 0,
+ mids = messagesService.getUserSearch(visitor, user.getUid(), search, 0,
page);
} else {
mids = messagesService.getUserBlog(user.getUid(), 0, before);
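Review bot: The callers now hand the raw request parameter to `getUserSearch`/`getSearch` (here, at -125, and in both Site.java hunks), so escaping has become an unstated responsibility of the service. A Javadoc line on the service methods such as `@param searchString raw, unescaped user input; implementations escape it for their backend` would document that. It would stop a caller re-escaping (the bug this commit fixes) and stop a `SearchService` implementation other than the Sphinx one from assuming pre-escaped input. If `WebUtils` has no other use left in Messages.java or Site.java, the import can go as well; that cannot be confirmed from the hunks.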
@@ -125,7 +125,7 @@ public class Messages {
throw new HttpNotFoundException();
}
} else if (StringUtils.hasText(search)) {
- mids = messagesService.getSearch(visitor, WebUtils.encodeSphinx(search), page);
+ mids = messagesService.getSearch(visitor, search, page);
} else {
mids = messagesService.getAll(visitor.getUid(), before);
}
diff --git a/src/main/java/com/juick/www/controllers/Site.java b/src/main/java/com/juick/www/controllers/Site.java
index 1169414f..3bf27772 100644
--- a/src/main/java/com/juick/www/controllers/Site.java
+++ b/src/main/java/com/juick/www/controllers/Site.java
@@ -150,7 +150,7 @@ public class Site {
if (paramSearch != null) {
String searchTitle = ResourceBundle.getBundle("messages", locale).getString("title.search");
title = searchTitle + StringEscapeUtils.escapeHtml4(paramSearch);
- mids = messagesService.getSearch(visitor, WebUtils.encodeSphinx(paramSearch), page);
+ mids = messagesService.getSearch(visitor, paramSearch, page);
} else if (paramShow == null) {
title = ResourceBundle.getBundle("messages", locale).getString("link.discuss");
mids = messagesService.getDiscussions(visitor.getUid(), paramTo);
@@ -266,7 +266,7 @@ public class Site {
mids = messagesService.getUserTag(user.getUid(), paramTag.TID, privacy, before);
} else if (paramSearch != null) {
title = "Блог " + user.getName() + ": " + StringEscapeUtils.escapeHtml4(paramSearch);
- mids = messagesService.getUserSearch(visitor, user.getUid(), WebUtils.encodeSphinx(paramSearch),
+ mids = messagesService.getUserSearch(visitor, user.getUid(), paramSearch,
privacy, page);
} else {
title = "Блог " + user.getName();