From 370bf4f88d727d2a22bdb3a5d6bb2704cf9ab936 Mon Sep 17 00:00:00 2001
From: User
Date: Wed, 4 Jan 2012 00:14:50 +0100
Subject: sanitized this motherfuckin search string

---
 app/controllers/search_controller.rb | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index ea545b7..806e320 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -1,9 +1,22 @@
 class SearchController < ApplicationController
+ #def index
+ # @page = Page.new
+ # search_term = params[:search_term]
+ # if search_term and not search_term.empty?
+ # @results = Node.search(params[:search_term], :include => :head)
+ # end
+ #end
+
 def index
 @page = Page.new
- search_term = params[:search_term]
- if search_term and not search_term.empty?
+ search_term = params.delete(:search_term)
+ safe_search_term = search_term.match(/[\w\s]+/)[0] rescue ""
+ params[:search_term] = safe_search_term
+
+ unless safe_search_term.empty?
 @results = Node.search(params[:search_term], :include => :head)
+ else
+ @results = []
 end
 end
--
cgit v1.3
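Review bot: The `rescue ""` modifier on the `safe_search_term =` line swallows every StandardError, not only the NoMethodError raised when `params[:search_term]` is missing (or arrives as an array/hash from a crafted query string), so any real bug in that expression is silently turned into an empty search; `safe_search_term = params[:search_term].to_s[/[\w\s]+/].to_s.strip` gives the same nil-safety without the blanket rescue and also drops a whitespace-only term, which currently passes `empty?` and triggers a search. Note that the allowlist keeps only the first run of `\w`/whitespace characters, and `\w` in Ruby's regex engine is ASCII-only, so a term like `café` or `foo-bar` is cut down to `caf` / `foo` with no feedback to the user — acceptable as defense in depth, but if Node.search builds its query from the string, bind parameters inside Node.search are the actual fix and this regex should not be relied on for that. The commented-out copy of the old `index` above the method should be deleted rather than kept as dead text; git already has the history. `params.delete` followed by the reassignment is just a plain assignment, and the Node.search call can take `safe_search_term` directly instead of reading it back out of `params`.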