refactored tsquery sql to use rails escaping mechanisms

app/logical/post_query_builder.rb

@@ -1,11 +1,6 @@
 class PostQueryBuilder
   attr_accessor :query_string, :has_constraints
   
-  def self.escape_string_for_tsquery(token)
-    escaped_token = token.gsub(/\\|'/, '\0\0\0\0').gsub("?", "\\\\77").gsub("%", "\\\\37")
-    "''" + escaped_token + "''"
-  end
-  
   def initialize(query_string)
     @query_string = query_string
     @has_constraint = false
@@ -53,7 +48,7 @@ class PostQueryBuilder
 
   def escape_string_for_tsquery(array)
     array.map do |token|
-      PostQueryBuilder.escape_string_for_tsquery(token)
+      token.to_escaped_for_tsquery
     end
   end
 
@@ -75,7 +70,7 @@ class PostQueryBuilder
     end
 
     if tag_query_sql.any?
-      relation = relation.where("posts.tag_index @@ to_tsquery('danbooru', E'" + tag_query_sql.join(" & ") + "')")
+      relation = relation.where("posts.tag_index @@ to_tsquery('danbooru', E?)", tag_query_sql.join(" & "))
     end
     
     relation

app/models/artist.rb

@@ -210,7 +210,7 @@ class Artist < ActiveRecord::Base
     end
     
     def other_names_match(string)
-      where("other_names_index @@ to_tsquery('danbooru', ?)", Artist.normalize_name(string))
+      where("other_names_index @@ to_tsquery('danbooru', E?)", Artist.normalize_name(string).to_escaped_for_tsquery)
     end
     
     def group_name_matches(name)
@@ -225,8 +225,8 @@ class Artist < ActiveRecord::Base
     
     def any_name_matches(name)
       stripped_name = normalize_name(name).to_escaped_for_sql_like
-      name_for_tsquery = normalize_name(name).gsub(/\(/, "\\(").gsub(/\)/, "\\)")
-      where("(name LIKE ? ESCAPE E'\\\\' OR other_names_index @@ to_tsquery('danbooru', ?))", stripped_name, name_for_tsquery)
+      name_for_tsquery = normalize_name(name).to_escaped_for_tsquery
+      where("(name LIKE ? ESCAPE E'\\\\' OR other_names_index @@ to_tsquery('danbooru', E?))", stripped_name, name_for_tsquery)
     end
     
     def search(params)

app/models/comment.rb

@@ -16,7 +16,7 @@ class Comment < ActiveRecord::Base
     end
     
     def body_matches(query)
-      where("body_index @@ plainto_tsquery(?)", query).order("comments.id DESC")
+      where("body_index @@ plainto_tsquery(?)", query.to_escaped_for_tsquery_split).order("comments.id DESC")
     end
     
     def hidden(user)
@@ -28,7 +28,7 @@ class Comment < ActiveRecord::Base
     end
     
     def post_tags_match(query)
-      joins(:post).where("posts.tag_index @@ to_tsquery('danbooru', E?)", query)
+      joins(:post).where("posts.tag_index @@ to_tsquery('danbooru', ?)", query.to_escaped_for_tsquery_split)
     end
     
     def for_creator(user_id)

app/models/dmail.rb

@@ -99,7 +99,7 @@ class Dmail < ActiveRecord::Base
     end
     
     def search_message(query)
-      where("message_index @@ plainto_tsquery(?)", query)
+      where("message_index @@ plainto_tsquery(?)", query.to_escaped_for_tsquery_split)
     end
     
     def unread

app/models/forum_post.rb

@@ -13,7 +13,7 @@ class ForumPost < ActiveRecord::Base
   
   module SearchMethods
     def body_matches(body)
-      where("forum_posts.text_index @@ plainto_tsquery(?)", body)
+      where("forum_posts.text_index @@ plainto_tsquery(E?)", body.to_escaped_for_tsquery)
     end
     
     def for_user(user_id)
@@ -41,7 +41,7 @@ class ForumPost < ActiveRecord::Base
       end
       
       if params[:topic_title_matches].present?
-        q = q.joins(:topic).where("forum_topics.text_index @@ plainto_tsquery(?)", params[:topic_title_matches])
+        q = q.joins(:topic).where("forum_topics.text_index @@ plainto_tsquery(E?)", params[:topic_title_matches].to_escaped_for_tsquery_split)
       end
       
       if params[:body_matches].present?

app/models/forum_topic.rb

@@ -14,7 +14,7 @@ class ForumTopic < ActiveRecord::Base
   
   module SearchMethods
     def title_matches(title)
-      where("text_index @@ plainto_tsquery(?)", title)
+      where("text_index @@ plainto_tsquery(E?)", title.to_escaped_for_tsquery_split)
     end
     
     def active

app/models/note.rb

@@ -19,11 +19,11 @@ class Note < ActiveRecord::Base
     end
     
     def body_matches(query)
-      where("body_index @@ plainto_tsquery(?)", query.scan(/\S+/).join(" & "))
+      where("body_index @@ plainto_tsquery(E?)", query.to_escaped_for_tsquery_split)
     end
     
     def post_tags_match(query)
-      joins(:post).where("posts.tag_index @@ to_tsquery('danbooru', ?)", query)
+      joins(:post).where("posts.tag_index @@ to_tsquery('danbooru', E?)", query.to_escaped_for_tsquery_split)
     end
     
     def creator_name(name)

app/models/post.rb

@@ -938,8 +938,7 @@ class Post < ActiveRecord::Base
     end
     
     def raw_tag_match(tag)
-      tag = PostQueryBuilder.escape_string_for_tsquery(tag)
-      where("posts.tag_index @@ to_tsquery('danbooru', E'" + tag + "')")
+      where("posts.tag_index @@ to_tsquery('danbooru', E?)", tag.to_escaped_for_tsquery)
     end
     
     def tag_match(query)

app/models/wiki_page.rb

@@ -21,7 +21,7 @@ class WikiPage < ActiveRecord::Base
     end
     
     def body_matches(query)
-      where("body_index @@ plainto_tsquery(?)", query.scan(/\S+/).join(" & "))
+      where("body_index @@ plainto_tsquery(?)", query.to_escaped_for_tsquery_split)
     end
 
     def search(params = {})

config/initializers/core_extensions.rb

@@ -5,6 +5,14 @@ module Danbooru
         return self.gsub(/\\/, '\0\0').gsub(/(%|_)/, "\\\\\\1").gsub(/\*/, '%')
       end
 
+      def to_escaped_for_tsquery_split
+        scan(/\S+/).map {|x| x.to_escaped_for_tsquery}.join(" & ")
+      end
+
+      def to_escaped_for_tsquery
+        "'#{gsub(/\\|'/, '\0\0\0\0')}'"
+      end
+      
       def to_escaped_js
         return self.gsub(/\\/, '\0\0').gsub(/['"]/) {|m| "\\#{m}"}.gsub(/\r\n|\r|\n/, '\\n')
       end