From 3e0bf7a91b6244b0eb0e98637a0c624a8794d5cf Mon Sep 17 00:00:00 2001
From: Marcelo Júnior
Date: Fri, 28 Aug 2015 14:36:45 -0300
Subject: [PATCH] fix tag search with accented latin characters
---
 app/controllers/public/search_controller.rb | 3 ++-
 test/functional/search_controller_test.rb | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/app/controllers/public/search_controller.rb b/app/controllers/public/search_controller.rb
index c1f9ca0..f738508 100644
--- a/app/controllers/public/search_controller.rb
+++ b/app/controllers/public/search_controller.rb
@@ -137,7 +137,8 @@ class SearchController < PublicController
 def tag
 @tag = params[:tag]
- @tag_cache_key = "tag_#{CGI.escape(@tag.to_s)}_env_#{environment.id.to_s}_page_#{params[:npage]}"
+ tag_str = @tag.kind_of?(Array) ? @tag.join(" ") : @tag.to_str
+ @tag_cache_key = "tag_#{CGI.escape(tag_str)}_env_#{environment.id.to_s}_page_#{params[:npage]}"
 if is_cache_expired?(@tag_cache_key)
 @searches[@asset] = {:results => environment.articles.tagged_with(@tag).paginate(paginate_options)}
 end
diff --git a/test/functional/search_controller_test.rb b/test/functional/search_controller_test.rb
index ade6ec5..710e8ff 100644
--- a/test/functional/search_controller_test.rb
+++ b/test/functional/search_controller_test.rb
@@ -772,6 +772,11 @@ class SearchControllerTest < ActionController::TestCase
 assert_equivalent [t1,t2,c1,c2,c3,c4] , assigns(:searches)[:communities][:results]
 end
+ should 'not raise an exception if tag query contains accented latin characters' do
+ tag_query = 'àáâãäå'
+ assert_nothing_raised(NoMethodError) { get :tag, :tag => tag_query }
+ end
+
 should 'not allow query injection' do
 injection = 'SearchParam'
 get :tag, :tag => injection
--
libgit2 0.21.2
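Review bot: `@tag.to_str` on the new `tag_str` line raises NoMethodError when `params[:tag]` is absent or arrives as a hash, because only the Array shape is special-cased, whereas the removed `to_s` accepted any of these. The client chooses the parameter shape, so this is an unhandled exception reachable from a request; a coercion such as `tag_str = Array(@tag).join(" ")` would avoid it, though how it behaves on this Rails version's params object should be confirmed. The raw `@tag` is still what reaches `tagged_with`, and `params[:npage]` is still interpolated into the cache key without escaping or integer coercion, so normalising both once before building the key would be safer. The body of `tag` continues outside the hunk.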
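Review bot: The added test passes a plain String, so the new `kind_of?(Array)` branch in the controller's `tag` action is never exercised, and the test asserts only that NoMethodError is not raised. I would add a case such as `get :tag, :tag => ['àáâ', 'ãäå']` and one with the parameter omitted, each followed by `assert_response :success` if the action is expected to render, so that the response itself is checked. The enclosing test class starts and ends outside the hunk.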