Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-08 06:55:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

dont escape the query that is send to search escape on the way out

Browse Source
This commit is contained in:
barisusakli
2015-09-17 19:03:03 -04:00
parent 244c75f809
commit 6e66b32fe1
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/controllers/search.js
View File

@@ -17,7 +17,6 @@ searchController.search = function(req, res, next) {
return next(); return next();
} }
req.params.term = validator.escape(req.params.term);
var page = Math.max(1, parseInt(req.query.page, 10)) || 1; var page = Math.max(1, parseInt(req.query.page, 10)) || 1;
if (req.query.categories && !Array.isArray(req.query.categories)) { if (req.query.categories && !Array.isArray(req.query.categories)) {
req.query.categories = [req.query.categories]; req.query.categories = [req.query.categories];

3
src/search.js
View File

@@ -1,6 +1,7 @@
'use strict'; 'use strict';
var async = require('async'), var async = require('async'),
validator = require('validator'),
db = require('./database'), db = require('./database'),
posts = require('./posts'), posts = require('./posts'),
@@ -21,7 +22,7 @@ search.search = function(data, callback) {
return callback(err); return callback(err);
} }
result.search_query = query; result.search_query = validator.escape(query);
if (searchIn === 'titles' || searchIn === 'titlesposts') { if (searchIn === 'titles' || searchIn === 'titlesposts') {
searchIn = 'posts'; searchIn = 'posts';
} }