Prevent MySQL search operators from taking effect

We do not want to inherit MySQL's fulltext query language, so let's
just drop all non-word characters from the search term.

Fixes #1498.
Franz Liedke
2019-07-23 23:55:06 +02:00
committed by Daniël Klabbers
parent 64b53fb0ac
commit 0a22a66189
2 changed files with 52 additions and 3 deletions


@ -98,4 +98,52 @@ class ListDiscussionsControllerTest extends ApiControllerTestCase
// Order-independent comparison
$this->assertEquals(['2', '3'], $ids, 'IDs do not match', 0.0, 10, true);
}
/**
* @test
*/
public function ignores_non_word_characters_when_searching()
{
$this->database()->table('posts')->insert([
['id' => 2, 'discussion_id' => 2, 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'type' => 'comment', 'content' => '<t><p>not in text</p></t>'],
['id' => 3, 'discussion_id' => 3, 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'type' => 'comment', 'content' => '<t><p>lightsail in text</p></t>'],
]);
$this->database()->table('discussions')->insert([
['id' => 2, 'title' => 'lightsail in title', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'first_post_id' => 2, 'comment_count' => 1],
['id' => 3, 'title' => 'not in title', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'first_post_id' => 3, 'comment_count' => 1],
]);
$response = $this->callWith([], [
'filter' => ['q' => 'lightsail+'],
'include' => 'mostRelevantPost'
]);
$data = json_decode($response->getBody()->getContents(), true);
$ids = array_map(function ($row) {
return $row['id'];
}, $data['data']);
// Order-independent comparison
$this->assertEquals(['2', '3'], $ids, 'IDs do not match', 0.0, 10, true);
}
/**
* @test
*/
public function search_for_special_characters_gives_empty_result()
{
$response = $this->callWith([], [
'filter' => ['q' => '*'],
'include' => 'mostRelevantPost'
]);
$data = json_decode($response->getBody()->getContents(), true);
$this->assertEquals([], $data['data']);
$response = $this->callWith([], [
'filter' => ['q' => '@'],
'include' => 'mostRelevantPost'
]);
$data = json_decode($response->getBody()->getContents(), true);
$this->assertEquals([], $data['data']);
}
}
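Review bot: The two new tests exercise only a trailing `+`, a lone `*` and a lone `@`, so the other MySQL boolean-mode operators (`-`, `~`, `<`, `>`, `(`, `)`, `"`) and operators in leading position could regress without any test failing; a data provider over those characters for `ignores_non_word_characters_when_searching` would pin the stripping behaviour this commit relies on. In `search_for_special_characters_gives_empty_result` nothing checks the response status before `$data['data']` is read, so if a term ever reaches MySQL unsanitised again the test would presumably fail on a missing array key rather than report the error response; adding `$this->assertEquals(200, $response->getStatusCode());` after each `callWith` makes that explicit. The code that strips the characters is in the other changed file, which is not visible here, and the test class begins outside this hunk.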