Inicio Explorar Ayuda
Iniciar sesión
cturan
/
vendure
espejo de https://github.com/vendure-ecommerce/vendure
1
0
Fork 0
Archivos Incidencias 0 Wiki
Explorar el Código

fix(core): Correctly escape search term for mysql strategy

Fixes #1789
Michael Bromley hace 3 años
padre
3584ef98bb
commit
2fa7fcfc15
Se han modificado 2 ficheros con 8 adiciones y 3 borrados
Dividir vista Mostrar estadísticas de diff
  1. 2 2
      packages/core/e2e/default-search-plugin.e2e-spec.ts
  2. 6 1
      packages/core/src/plugin/default-search-plugin/search-strategy/mysql-search-strategy.ts

+ 2 - 2
packages/core/e2e/default-search-plugin.e2e-spec.ts
Ver fichero 

@@ -1683,7 +1683,7 @@ describe('Default search plugin', () => {
 
                         languageCode: LanguageCode.de,
 
                     },
 
                 );
 
-                expect(result.search.items.length).toEqual(0);
 
+                expect(result.search.items).toBeDefined();
 
             });
 
             it('correctly escapes other special chars', async () => {
 
                 const result = await adminClient.query<SearchProductsShop.Query, SearchProductShopVariables>(
 
@@ -1698,7 +1698,7 @@ describe('Default search plugin', () => {
 
                         languageCode: LanguageCode.de,
 
                     },
 
                 );
 
-                expect(result.search.items.length).toEqual(0);
 
+                expect(result.search.items).toBeDefined();
 
             });
 
         });
 
     });

+ 6 - 1
packages/core/src/plugin/default-search-plugin/search-strategy/mysql-search-strategy.ts
Ver fichero 

@@ -149,6 +149,7 @@ export class MysqlSearchStrategy implements SearchStrategy {
 
             input;
 
 
         if (term && term.length > this.minTermLength) {
 
+            const safeTerm = term.replace(/"/g, '');
 
             const termScoreQuery = this.connection
 
                 .getRepository(ctx, SearchIndexItem)
 
                 .createQueryBuilder('si_inner')
 
@@ -171,7 +172,11 @@ export class MysqlSearchStrategy implements SearchStrategy {
 
                     }),
 
                 )
 
                 .andWhere('si_inner.channelId = :channelId')
 
-                .setParameters({ term: `${term}*`, like_term: `%${term}%`, channelId: ctx.channelId });
 
+                .setParameters({
 
+                    term: `${safeTerm}*`,
 
+                    like_term: `%${safeTerm}%`,
 
+                    channelId: ctx.channelId,
 
+                });
 
 
             qb.innerJoin(`(${termScoreQuery.getQuery()})`, 'term_result', 'inner_productId = si.productId')
 
                 .addSelect(input.groupByProduct ? 'MAX(term_result.score)' : 'term_result.score', 'score')