fix: escape regexp from query #2273

Merged 2 commits on Aug 28, 2020

@fengkx fengkx commented Aug 25, 2020

Fixes #1458

Changes proposed in this pull request:

Escape query using lodash escapeRegExp first.

Confirmed

  • Frontend changes: tested on a local Flarum installation.


@askvortsov1 askvortsov1 left a comment

I'm fine with this, seems to have been the solution Toby intended in the linked issue as well.


@dsevillamartin dsevillamartin left a comment

I think this is fine, and makes sense.


@askvortsov1 askvortsov1 left a comment

Excellent, thank you very much!

@askvortsov1 askvortsov1 merged commit 2caa5cf into flarum:master Aug 28, 2020
askvortsov1 pushed a commit that referenced this pull request Sep 6, 2020
* fix: escape regexp from query
Successfully merging this pull request may close these issues.

Search highlighting is prone to regular expression injection
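
An added example (not part of this pull request or of Flarum's code) of the problem named in the linked issue and the fix described in the pull request: a hypothetical highlight helper that compiles the search query into a `RegExp`, without and with escaping. `escapeRegExp` here is a dependency-free stand-in for lodash's function, and the helper names and sample strings are constructed.

```javascript
// Stand-in for lodash's escapeRegExp so the example runs without dependencies.
function escapeRegExp(s) {
  return s.replace(/[\\^$.*+?()[\]{}|]/g, '\\$&');
}

// Hypothetical "before": the user's query is used directly as a pattern.
function highlightUnsafe(text, query) {
  return text.replace(new RegExp(query, 'gi'), '<mark>$&</mark>');
}

// Hypothetical "after": the query is escaped so it matches only literally.
function highlightSafe(text, query) {
  if (!query) return text; // an empty pattern would match at every position
  return text.replace(new RegExp(escapeRegExp(query), 'gi'), '<mark>$&</mark>');
}

// Run a highlighter and report either the markup or the error it threw.
function attempt(fn, text, query) {
  try {
    return { ok: true, html: fn(text, query) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed sample inputs: ordinary searches that contain metacharacters.
const samples = [
  ['I use c++ and C++ daily', 'c++'], // invalid pattern when unescaped
  ['v1.2 vs v1x2', '1.2'],            // "." also matches "x" when unescaped
  ['call f(x', 'f('],                 // unterminated group when unescaped
];

for (const [text, query] of samples) {
  console.log(JSON.stringify(query),
    'unsafe:', attempt(highlightUnsafe, text, query),
    'safe:', attempt(highlightSafe, text, query));
}
```

The unescaped version either throws a `SyntaxError` while rendering results or marks text the user did not search for; the escaped version treats every query as a literal string.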