Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: escape regexp from query #2273

Merged
merged 2 commits into from
Aug 28, 2020
Merged

Conversation

fengkx
Copy link
Contributor

@fengkx fengkx commented Aug 25, 2020

Fixes #1458

Changes proposed in this pull request:

Escape query using lodash escapeRegExp first.

Confirmed

  • Frontend changes: tested on a local Flarum installation.

Copy link
Member

@askvortsov1 askvortsov1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with this, seems to have been the solution Toby intended in the linked issue as well.

Copy link
Member

@dsevillamartin dsevillamartin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is fine, and makes sense.

Copy link
Member

@askvortsov1 askvortsov1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent, thank you very much!

@askvortsov1 askvortsov1 merged commit 2caa5cf into flarum:master Aug 28, 2020
askvortsov1 pushed a commit that referenced this pull request Sep 6, 2020
* fix: escape regexp from query
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Search highlighting is prone to regular expression injection
3 participants