lat9 / prioritize_matching_names

Search: Prioritize Matching Names
GNU General Public License v2.0

bracket in search term not ignored in query construction #2

Closed torvista closed 4 months ago

torvista commented 2 years ago

I eventually figured out this was also installed in combination with POSM https://github.com/lat9/products_options_stock/issues/229

and found the same issue. With this nasty as a search term,

LP0060BK'nvOpzp; AND 1=1 OR ('"iKO)),&

the opening bracket was in the IF clause (the double quotes and the rest get thrown away) and unbalanced the Select section in addition to the unbalanced query in POSM!

So here also:

```php
case '(':
case ')':
case 'and':
case 'or':
```

to

```php
case '(':
case ')':
    break;
case 'and':
case 'or':
```

cures it.

lat9 commented 1 year ago

I'll take this a step further, using the zen_build_keyword_where_clause function, if defined.
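The `switch` change from the first comment, as an added illustration that is not part of the thread or the plugin's own code: a simplified model of copying parsed search tokens into an `IF()` expression, with and without the `break`. The function names, the `pd.products_name` column and the token list are assumptions made for the example.

```php
<?php
// Simplified model, not the plugin's code. $tokens stands in for the
// already-parsed search keywords; all names here are hypothetical.
function build_name_match(array $tokens, bool $dropParens): array
{
    $sql = '';
    $params = [];
    foreach ($tokens as $token) {
        switch (strtolower($token)) {
            case '(':
            case ')':
                if ($dropParens) {
                    break;      // fixed: user-supplied brackets never reach the SQL text
                }
                // before the fix: falls through and is copied like an operator
            case 'and':
            case 'or':
                $sql .= ' ' . strtoupper($token) . ' ';
                break;
            default:
                // keyword text is bound as a parameter, never concatenated
                $sql .= 'pd.products_name LIKE ?';
                $params[] = '%' . $token . '%';
        }
    }
    return [$sql, $params];
}

// True when every '(' in the SQL text has a matching ')'.
function parens_balanced(string $sql): bool
{
    $depth = 0;
    foreach (str_split($sql) as $ch) {
        if ($ch === '(') {
            $depth++;
        } elseif ($ch === ')' && --$depth < 0) {
            return false;
        }
    }
    return $depth === 0;
}

$tokens = ['LP0060BK', 'and', '(', 'iKO'];   // constructed sample: one stray bracket
foreach ([false, true] as $dropParens) {
    [$sql, $params] = build_name_match($tokens, $dropParens);
    $expr = 'IF(' . $sql . ', 1, 0)';
    printf("%s: %s\n", $dropParens ? 'with break' : 'fall-through', $expr);
    printf("  balanced: %s\n", parens_balanced($expr) ? 'yes' : 'no');
}
```

Running `parens_balanced()` over the generated clause in a unit test is a cheap regression check for this class of bug.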