authorUser <hukl@cccms.ccc.de>2012-01-04 00:14:50 +0100
committerUser <hukl@cccms.ccc.de>2012-01-04 00:14:50 +0100
commit370bf4f88d727d2a22bdb3a5d6bb2704cf9ab936 (patch)
treeb6606346c7fdf2dbd559858b80bca3bc43aa8b0b
parente643b6a68bdc3cc16a86aee107cd29b712e2bb16 (diff)
sanitized this motherfuckin search string
-rw-r--r--app/controllers/search_controller.rb17
1 files changed, 15 insertions, 2 deletions
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index ea545b7..806e320 100644
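--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -1,9 +1,22 @@
 class SearchController < ApplicationController
+ #def index
+ # @page = Page.new
+ # search_term = params[:search_term]
+ # if search_term and not search_term.empty?
+ # @results = Node.search(params[:search_term], :include => :head)
+ # end
+ #end
+
  def index
  @page = Page.new
- search_term = params[:search_term]
- if search_term and not search_term.empty?
+ search_term = params.delete(:search_term)
+ safe_search_term = search_term.match(/[\w\s]+/)[0] rescue ""
+ params[:search_term] = safe_search_term
+
+ unless safe_search_term.empty?
  @results = Node.search(params[:search_term], :include => :head)
+ else
+ @results = []
  end
  end
 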
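Review bot: The allowlist on new line 13, `search_term.match(/[\w\s]+/)[0] rescue ""`, keeps only the first run of word and whitespace characters, so a term such as `foo-bar` is silently cut to `foo`, and the inline `rescue` hides every StandardError rather than just the missing-parameter and no-match cases. An explicit form such as `safe_search_term = search_term.to_s.scan(/[\w\s]+/).join(" ").strip` keeps every permitted run, needs no rescue, and treats a whitespace-only term as empty so it never reaches `Node.search`. `\w` is presumably ASCII-only on the Ruby version in use, which would drop umlauts from non-English terms; that is worth confirming together with the query syntax of the search backend, which is not visible here. The commented-out copy of the old `index` on new lines 2-8 can be removed, since the history already preserves it. The closing `end` of the class is not visible in this hunk.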