Correctly escape search query

Dmitriy Zaporozhets · Jacob Vosmaer
1 parent 8a5bf011
Showing 1 changed file with 2 additions and 1 deletions Show diff stats
app/contexts/search_context.rb
@@ -6,7 +6,8 @@ class SearchContext
   end
   def execute
-    query = Shellwords.shellescape(params[:search])
+    query = params[:search]
+    query = Shellwords.shellescape(query) if query.present?
     return result unless query.present?
	@@ -6,7 +6,8 @@ class SearchContext		@@ -6,7 +6,8 @@ class SearchContext
6	end	6	end
7		7
8	def execute	8	def execute
9	- query = Shellwords.shellescape(params[:search])	9	+ query = params[:search]
		10	+ query = Shellwords.shellescape(query) if query.present?
10		11
11	return result unless query.present?	12	return result unless query.present?
12		13