Verified Commit ea738efc by Cyril Vazquez

Merge branch 'hotfix/sqlinjection_textsearch'

parents 15af0892 b2876bc6
......@@ -133,6 +133,7 @@ class description implements \bundle\recordsManagement\Controller\archiveDescrip
*/
public function search($description=null, $text=null, array $archiveArgs=[])
{
$queryParams = [];
$queryParts = ['description!=null and text!=null'];
$queryParts[] = \laabs::newController('recordsManagement/archive')->getArchiveAssert($archiveArgs);
......@@ -159,6 +160,7 @@ class description implements \bundle\recordsManagement\Controller\archiveDescrip
}
$queryParts[] = '<?SQL '.implode(' and ', $textAsserts).' ?>';*/
$text = preg_replace('/[^\w\-\_]+/', ' ', $text);
$tokens = \laabs\explode(' ', $text);
foreach ($tokens as $i => $token) {
$tokens[$i] = $token.':*';
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment