Download as
Browse Code »

Commit 3e0bf7a91b6244b0eb0e98637a0c624a8794d5cf

Authored by Francisco Júnior
1 parent cd4eff3c
Exists in theme-brasil-digital-from-staging and in 9 other branches angular_poc, api-article-archived, backup-7-jan-2016, captcha_serpro_plugin, login-captcha, production, resend_confirmation_email, staging, staging_rails3

fix tag search with accented latin characters

Showing 2 changed files with 7 additions and 1 deletions   Show diff stats
app/controllers/public/search_controller.rb
  Diff comments   View file @3e0bf7a
@@ -137,7 +137,8 @@ class SearchController < PublicController @@ -137,7 +137,8 @@ class SearchController < PublicController
137 137
138 def tag 138 def tag
139 @tag = params[:tag] 139 @tag = params[:tag]
140 - @tag_cache_key = "tag_#{CGI.escape(@tag.to_s)}_env_#{environment.id.to_s}_page_#{params[:npage]}" 140 + tag_str = @tag.kind_of?(Array) ? @tag.join(" ") : @tag.to_str
  141 + @tag_cache_key = "tag_#{CGI.escape(tag_str)}_env_#{environment.id.to_s}_page_#{params[:npage]}"
141 if is_cache_expired?(@tag_cache_key) 142 if is_cache_expired?(@tag_cache_key)
142 @searches[@asset] = {:results => environment.articles.tagged_with(@tag).paginate(paginate_options)} 143 @searches[@asset] = {:results => environment.articles.tagged_with(@tag).paginate(paginate_options)}
143 end 144 end
test/functional/search_controller_test.rb
  Diff comments   View file @3e0bf7a
@@ -772,6 +772,11 @@ class SearchControllerTest < ActionController::TestCase @@ -772,6 +772,11 @@ class SearchControllerTest < ActionController::TestCase
772 assert_equivalent [t1,t2,c1,c2,c3,c4] , assigns(:searches)[:communities][:results] 772 assert_equivalent [t1,t2,c1,c2,c3,c4] , assigns(:searches)[:communities][:results]
773 end 773 end
774 774
  775 + should 'not raise an exception if tag query contains accented latin characters' do
  776 + tag_query = 'àáâãäå'
  777 + assert_nothing_raised(NoMethodError) { get :tag, :tag => tag_query }
  778 + end
  779 +
775 should 'not allow query injection' do 780 should 'not allow query injection' do
776 injection = '<iMg SrC=x OnErRoR=document.documentElement.innerHTML=1>SearchParam' 781 injection = '<iMg SrC=x OnErRoR=document.documentElement.innerHTML=1>SearchParam'
777 get :tag, :tag => injection 782 get :tag, :tag => injection