IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4595 from techAPJ/security

Browse Source 
SECURITY: escape advanced search term
This commit is contained in:
Arpit Jalan
2016-12-08 15:16:48 +05:30
committed by GitHub
parent b4cafc5e78 42b14b0d11
commit 1b76e82600
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/assets/javascripts/discourse/components/search-advanced-options.js.es6
View File

@@ -1,4 +1,5 @@
import { observes } from 'ember-addons/ember-computed-decorators'; import { observes } from 'ember-addons/ember-computed-decorators';
import { escapeExpression } from 'discourse/lib/utilities';
const REGEXP_BLOCKS = /(([^" \t\n\x0B\f\r]+)?(("[^"]+")?))/g; const REGEXP_BLOCKS = /(([^" \t\n\x0B\f\r]+)?(("[^"]+")?))/g;
@@ -103,7 +104,7 @@ export default Em.Component.extend({
}, },
findSearchTerms() { findSearchTerms() {
const searchTerm = this.get('searchTerm'); const searchTerm = escapeExpression(this.get('searchTerm'));
if (!searchTerm) if (!searchTerm)
return []; return [];