IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: prevents exception when search q params is a hash (#7437)

Browse Source 
* FIX: prevents exception when searh q params is a hash

* raise when invalid format
This commit is contained in:
Joffrey JAFFEUX
2019-04-29 09:09:25 +02:00
committed by Guo Xiang Tan
parent ad44243a57
commit fe86941cb6
2 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
app/controllers/search_controller.rb
View File

@@ -9,8 +9,18 @@ class SearchController < ApplicationController
end end
def show def show
@search_term = params[:q] @search_term = params.permit(:q)[:q]
raise Discourse::InvalidParameters.new(:q) if @search_term.present? && @search_term.length < SiteSetting.min_search_term_length
# a q param has been given but it's not in the correct format
# eg: ?q[foo]=bar
if params[:q].present? && !@search_term.present?
raise Discourse::InvalidParameters.new(:q)
end
if @search_term.present? &&
@search_term.length < SiteSetting.min_search_term_length
raise Discourse::InvalidParameters.new(:q)
end
search_args = { search_args = {
type_filter: 'topic', type_filter: 'topic',

5
spec/requests/search_controller_spec.rb
View File

@@ -137,6 +137,11 @@ describe SearchController do
expect(response.status).to eq(400) expect(response.status).to eq(400)
end end
it "raises an error when search term is a hash" do
get "/search.json?q[foo]"
expect(response.status).to eq(400)
end
it "logs the search term" do it "logs the search term" do
SiteSetting.log_search_queries = true SiteSetting.log_search_queries = true
get "/search.json", params: { q: 'bantha' } get "/search.json", params: { q: 'bantha' }