From c620d66ae21f1eae6d056c1530ce91a7ef2285c5 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Wed, 11 Jan 2023 17:09:47 +0300 Subject: Do not double escape search string --- src/main/java/com/juick/service/SphinxSearchService.java | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'src/main/java/com/juick/service/SphinxSearchService.java') diff --git a/src/main/java/com/juick/service/SphinxSearchService.java b/src/main/java/com/juick/service/SphinxSearchService.java index 06faafc5..3775d09f 100644 --- a/src/main/java/com/juick/service/SphinxSearchService.java +++ b/src/main/java/com/juick/service/SphinxSearchService.java @@ -18,6 +18,7 @@ package com.juick.service; import com.juick.model.User; +import com.juick.util.WebUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.stereotype.Repository; @@ -58,7 +59,7 @@ public class SphinxSearchService extends BaseJdbcService implements SearchServic Map sphinxQuery = new HashMap<>(); sphinxQuery.put("limit", String.valueOf(maxResult)); sphinxQuery.put("mode", "any"); - sphinxQuery.put("sort", sortHint(searchString)); + sphinxQuery.put("sort", sortHint(WebUtils.encodeSphinx(searchString))); String usersFilter = userService.getUserBLUsers(visitor.getUid()).stream().map(u -> String.valueOf(u.getUid())).collect(Collectors.joining(",")); sphinxQuery.put("!filter", "user_id," + usersFilter); if (page > 0) { @@ -66,7 +67,7 @@ public class SphinxSearchService extends BaseJdbcService implements SearchServic } return getJdbcTemplate().queryForList( - String.format("SELECT id FROM search WHERE query = '%s;%s'", searchString, + String.format("SELECT id FROM search WHERE query = '%s;%s'", WebUtils.encodeSphinx(searchString), sphinxQuery.entrySet().stream().map(Object::toString) .collect(Collectors.joining(";"))), Integer.class); } 
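Review bot: `WebUtils.encodeSphinx(searchString)` is now evaluated twice per method, once for `sortHint` at `@@ -58,7 +59,7 @@` and again inside the `String.format` call in the following hunk, so the two uses can drift apart if only one is edited later. Computing it once, `String encoded = WebUtils.encodeSphinx(searchString);`, and passing `encoded` to both keeps the single-escape guarantee in one place. A comment such as `// searchString is raw user input; it is escaped exactly once, here` would record the contract the commit title implies for callers. The same applies to the second overload at `@@ -79,12 +80,12 @@`; both method bodies start outside their hunks.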
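Review bot: The statement at `@@ -66,7 +67,7 @@` still splices the search text into a quoted SQL literal with `String.format`, so protection at the SQL layer depends entirely on `WebUtils.encodeSphinx` handling quotes and backslashes; its body is not shown on this page. Passing the assembled query string as a bind parameter removes that dependency, assuming the driver in use accepts parameters against the SphinxSE table. `encodeSphinx` is still needed for Sphinx query syntax. It is worth confirming that it also neutralises `;`, because the SphinxSE string uses `;` to separate the search text from the options this method appends, including the `!filter` blacklist. The same construction appears in the overload at `@@ -79,12 +80,12 @@`, where `filter=user_id,%d` follows the text; the method starts outside the hunk.

```java
// … unchanged: sphinxQuery options, usersFilter, offset …
String options = sphinxQuery.entrySet().stream().map(Object::toString)
        .collect(Collectors.joining(";"));
// The whole SphinxSE query travels as one bound value, never as SQL text.
String sphinxExpr = WebUtils.encodeSphinx(searchString) + ";" + options;
return getJdbcTemplate().queryForList(
        "SELECT id FROM search WHERE query = ?", Integer.class, sphinxExpr);
```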
@@ -79,12 +80,12 @@ public class SphinxSearchService extends BaseJdbcService implements SearchServic Map sphinxQuery = new HashMap<>(); sphinxQuery.put("limit", String.valueOf(maxResult)); sphinxQuery.put("mode", "any"); - sphinxQuery.put("sort", sortHint(searchString)); + sphinxQuery.put("sort", sortHint(WebUtils.encodeSphinx(searchString))); if (page > 0) { sphinxQuery.put("offset", String.valueOf(page * maxResult)); } return getJdbcTemplate().queryForList( - String.format("SELECT id FROM search WHERE query = '%s;%s;filter=user_id,%d'", searchString, + String.format("SELECT id FROM search WHERE query = '%s;%s;filter=user_id,%d'", WebUtils.encodeSphinx(searchString), sphinxQuery.entrySet().stream().map(Object::toString) .collect(Collectors.joining(";")), userId), Integer.class); } -- cgit v1.2.3