author | Vitaly Takmazov | 2023-01-11 17:09:47 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2023-01-11 17:09:47 +0300 |
commit | c620d66ae21f1eae6d056c1530ce91a7ef2285c5 (patch) | |
tree | ae394473074608bb5645107128efc5edc78dd5b9 /src/main/java/com/juick | |
parent | e71278631c775bf5e3d269ca8986ac7feae73451 (diff) |
Do not double escape search string
Diffstat (limited to 'src/main/java/com/juick')
-rw-r--r-- | src/main/java/com/juick/service/SphinxSearchService.java | 9 | ||||
-rw-r--r-- | src/main/java/com/juick/www/api/Messages.java | 4 | ||||
-rw-r--r-- | src/main/java/com/juick/www/controllers/Site.java | 4 |
3 files changed, 9 insertions, 8 deletions
diff --git a/src/main/java/com/juick/service/SphinxSearchService.java b/src/main/java/com/juick/service/SphinxSearchService.java index 06faafc5..3775d09f 100644 --- a/src/main/java/com/juick/service/SphinxSearchService.java +++ b/src/main/java/com/juick/service/SphinxSearchService.java @@ -18,6 +18,7 @@ package com.juick.service; import com.juick.model.User; +import com.juick.util.WebUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.stereotype.Repository; @@ -58,7 +59,7 @@ public class SphinxSearchService extends BaseJdbcService implements SearchServic Map<String, String> sphinxQuery = new HashMap<>(); sphinxQuery.put("limit", String.valueOf(maxResult)); sphinxQuery.put("mode", "any"); - sphinxQuery.put("sort", sortHint(searchString)); + sphinxQuery.put("sort", sortHint(WebUtils.encodeSphinx(searchString))); String usersFilter = userService.getUserBLUsers(visitor.getUid()).stream().map(u -> String.valueOf(u.getUid())).collect(Collectors.joining(",")); sphinxQuery.put("!filter", "user_id," + usersFilter); if (page > 0) { @@ -66,7 +67,7 @@ public class SphinxSearchService extends BaseJdbcService implements SearchServic } return getJdbcTemplate().queryForList( - String.format("SELECT id FROM search WHERE query = '%s;%s'", searchString, + String.format("SELECT id FROM search WHERE query = '%s;%s'", WebUtils.encodeSphinx(searchString), sphinxQuery.entrySet().stream().map(Object::toString) .collect(Collectors.joining(";"))), Integer.class); } 
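Review bot: In the `getSearch` hunk (`@@ -58,7 +59,7 @@`) the statement is still built with `String.format` into a single-quoted literal, so whether a quote or backslash in `searchString` can end that literal depends entirely on what `WebUtils.encodeSphinx` escapes, and its body is not shown here. Binding the whole Sphinx query as one JDBC parameter removes that dependency; the same applies to the `getUserSearch` hunk (`@@ -79,12 +80,12 @@`), where `";filter=user_id," + userId` would be appended to the bound value. Binding does not cover the Sphinx layer, so `encodeSphinx` should still be confirmed to neutralise `;`, which separates the search text from options such as `!filter`. Encoding once into a local also avoids the duplicate call. Both method bodies start outside their hunks.

```java
String encoded = WebUtils.encodeSphinx(searchString);
// … unchanged: limit / mode / !filter / offset options, with sortHint(encoded) for "sort" …
String sphinxOptions = sphinxQuery.entrySet().stream().map(Object::toString)
        .collect(Collectors.joining(";"));
return getJdbcTemplate().queryForList(
        "SELECT id FROM search WHERE query = ?", Integer.class,
        encoded + ";" + sphinxOptions);
```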
@@ -79,12 +80,12 @@ public class SphinxSearchService extends BaseJdbcService implements SearchServic Map<String, String> sphinxQuery = new HashMap<>(); sphinxQuery.put("limit", String.valueOf(maxResult)); sphinxQuery.put("mode", "any"); - sphinxQuery.put("sort", sortHint(searchString)); + sphinxQuery.put("sort", sortHint(WebUtils.encodeSphinx(searchString))); if (page > 0) { sphinxQuery.put("offset", String.valueOf(page * maxResult)); } return getJdbcTemplate().queryForList( - String.format("SELECT id FROM search WHERE query = '%s;%s;filter=user_id,%d'", searchString, + String.format("SELECT id FROM search WHERE query = '%s;%s;filter=user_id,%d'", WebUtils.encodeSphinx(searchString), sphinxQuery.entrySet().stream().map(Object::toString) .collect(Collectors.joining(";")), userId), Integer.class); } diff --git a/src/main/java/com/juick/www/api/Messages.java b/src/main/java/com/juick/www/api/Messages.java index c23976f4..e23356a4 100644 --- a/src/main/java/com/juick/www/api/Messages.java +++ b/src/main/java/com/juick/www/api/Messages.java @@ -104,7 +104,7 @@ public class Messages { } else if (daysback > 0) { mids = messagesService.getUserBlogAtDay(user.getUid(), 0, daysback); } else if (StringUtils.hasText(search)) { - mids = messagesService.getUserSearch(visitor, user.getUid(), WebUtils.encodeSphinx(search), 0, + mids = messagesService.getUserSearch(visitor, user.getUid(), search, 0, page); } else { mids = messagesService.getUserBlog(user.getUid(), 0, before); @@ -125,7 +125,7 @@ public class Messages { throw new HttpNotFoundException(); } } else if (StringUtils.hasText(search)) { - mids = messagesService.getSearch(visitor, WebUtils.encodeSphinx(search), page); + mids = messagesService.getSearch(visitor, search, page); } else { mids = messagesService.getAll(visitor.getUid(), before); } diff --git a/src/main/java/com/juick/www/controllers/Site.java b/src/main/java/com/juick/www/controllers/Site.java index 1169414f..3bf27772 100644 
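Review bot: With the call-site escaping removed in both `Messages` hunks (`@@ -104,7 +104,7 @@`, `@@ -125,7 +125,7 @@`) and in both `Site` hunks, the raw request parameter now reaches `messagesService.getSearch`/`getUserSearch`, and only `SphinxSearchService` is visibly updated to escape it. If `SearchService` has other implementations, each now has to escape for its own backend. I would state that contract in Javadoc on the interface methods, e.g. `@param searchString raw, unescaped user input; implementations must escape it for their backend`. It is also worth checking whether the `WebUtils` import is still used in `Messages.java` and `Site.java`, since the surrounding code is outside these hunks.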
--- a/src/main/java/com/juick/www/controllers/Site.java +++ b/src/main/java/com/juick/www/controllers/Site.java @@ -150,7 +150,7 @@ public class Site { if (paramSearch != null) { String searchTitle = ResourceBundle.getBundle("messages", locale).getString("title.search"); title = searchTitle + StringEscapeUtils.escapeHtml4(paramSearch); - mids = messagesService.getSearch(visitor, WebUtils.encodeSphinx(paramSearch), page); + mids = messagesService.getSearch(visitor, paramSearch, page); } else if (paramShow == null) { title = ResourceBundle.getBundle("messages", locale).getString("link.discuss"); mids = messagesService.getDiscussions(visitor.getUid(), paramTo); @@ -266,7 +266,7 @@ public class Site { mids = messagesService.getUserTag(user.getUid(), paramTag.TID, privacy, before); } else if (paramSearch != null) { title = "Блог " + user.getName() + ": " + StringEscapeUtils.escapeHtml4(paramSearch); - mids = messagesService.getUserSearch(visitor, user.getUid(), WebUtils.encodeSphinx(paramSearch), + mids = messagesService.getUserSearch(visitor, user.getUid(), paramSearch, privacy, page); } else { title = "Блог " + user.getName(); |