Commit 3e0bf7a91b6244b0eb0e98637a0c624a8794d5cf
1 parent
cd4eff3c
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
fix tag search with accented latin characters
Showing
2 changed files
with
7 additions
and
1 deletions
Show diff stats
app/controllers/public/search_controller.rb
| ... | ... | @@ -137,7 +137,8 @@ class SearchController < PublicController |
| 137 | 137 | |
| 138 | 138 | def tag |
| 139 | 139 | @tag = params[:tag] |
| 140 | - @tag_cache_key = "tag_#{CGI.escape(@tag.to_s)}_env_#{environment.id.to_s}_page_#{params[:npage]}" | |
| 140 | + tag_str = @tag.kind_of?(Array) ? @tag.join(" ") : @tag.to_str | |
| 141 | + @tag_cache_key = "tag_#{CGI.escape(tag_str)}_env_#{environment.id.to_s}_page_#{params[:npage]}" | |
| 141 | 142 | if is_cache_expired?(@tag_cache_key) |
| 142 | 143 | @searches[@asset] = {:results => environment.articles.tagged_with(@tag).paginate(paginate_options)} |
| 143 | 144 | end | ... | ... |
test/functional/search_controller_test.rb
| ... | ... | @@ -772,6 +772,11 @@ class SearchControllerTest < ActionController::TestCase |
| 772 | 772 | assert_equivalent [t1,t2,c1,c2,c3,c4] , assigns(:searches)[:communities][:results] |
| 773 | 773 | end |
| 774 | 774 | |
| 775 | + should 'not raise an exception if tag query contains accented latin characters' do | |
| 776 | + tag_query = 'àáâãäå' | |
| 777 | + assert_nothing_raised(NoMethodError) { get :tag, :tag => tag_query } | |
| 778 | + end | |
| 779 | + | |
| 775 | 780 | should 'not allow query injection' do |
| 776 | 781 | injection = '<iMg SrC=x OnErRoR=document.documentElement.innerHTML=1>SearchParam' |
| 777 | 782 | get :tag, :tag => injection | ... | ... |