| author | User <hukl@cccms.ccc.de> | 2012-01-04 00:14:50 +0100 |
|---|---|---|
| committer | User <hukl@cccms.ccc.de> | 2012-01-04 00:14:50 +0100 |
| commit | 370bf4f88d727d2a22bdb3a5d6bb2704cf9ab936 (patch) | |
| tree | b6606346c7fdf2dbd559858b80bca3bc43aa8b0b /app/controllers | |
| parent | e643b6a68bdc3cc16a86aee107cd29b712e2bb16 (diff) | |
sanitized this motherfuckin search string
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/search_controller.rb | 17 |
1 files changed, 15 insertions, 2 deletions
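--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -1,9 +1,22 @@
 class SearchController < ApplicationController
+#def index
+# @page = Page.new
+# search_term = params[:search_term]
+# if search_term and not search_term.empty?
+# @results = Node.search(params[:search_term], :include => :head)
+# end
+#end
+
 def index
 @page = Page.new
-search_term = params[:search_term]
-if search_term and not search_term.empty?
+search_term = params.delete(:search_term)
+safe_search_term = search_term.match(/[\w\s]+/)[0] rescue ""
+params[:search_term] = safe_search_term
+
+unless safe_search_term.empty?
 @results = Node.search(params[:search_term], :include => :head)
+else
+@results = []
 end
 end
 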
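Review bot: The `rescue ""` modifier on new line 13 swallows every StandardError, not only the missing-parameter and no-match cases it is there for, so any later mistake on that line silently turns into an empty search. An explicit form keeps the same fail-closed result without hiding errors: `safe_search_term = search_term.is_a?(String) ? search_term[/[\w\s]+/].to_s : ""`. The pattern also keeps only the first run of allowed characters, so a query such as "foo-bar" is searched as "foo", and on Ruby 1.9 or later `\w` is ASCII-only, which would presumably cut terms containing umlauts. If that truncation is intended, a comment such as `# keep only the first run of word/space characters; everything after the first other character is dropped` should say so. `Node.search` is defined outside this diff, so whether it escapes its argument cannot be judged here, and the allowlist is the only visible defence. The commented-out copy of the old `index` added on new lines 2-8 is already in version control and could be dropped.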
