Escaping the autocomplete queries to fix hotsh#666

ismudnx · Oct 2, 2012 · bbaa691 · bbaa691
1 parent 000d354
commit bbaa691
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -241,7 +241,7 @@ def autocomplete(query)
       return []
     end
 
-    query = '^' + query.downcase + '.*'
+    query = '^' + Regexp.escape(query) + '.*'
     following.inject([]) do |result, obj|
       if /#{query}/i =~ obj.author.fully_qualified_name
         result << { :label => obj.author.fully_qualified_name.downcase }

diff --git a/test/models/user_test.rb b/test/models/user_test.rb
@@ -320,6 +320,11 @@ def stub_superfeedr_request_for_user(user)
       @result = @bob.autocomplete('ta')
       assert_equal [], @result
     end
+
+    it "escapes special characters" do
+      @result = @bob.autocomplete('r+(')
+      assert_equal [], @result
+    end
   end
 
   describe "self#find_by_case_insensitive_username" do