refactored tsquery sql to use rails escaping mechanisms

2013-03-07 16:34:12 -05:00
parent b7a5612c82
commit 2338f004eb
10 changed files with 23 additions and 21 deletions
--- a/app/models/artist.rb
+++ b/app/models/artist.rb
@@ -210,7 +210,7 @@ class Artist < ActiveRecord::Base
    end
    
    def other_names_match(string)
-      where("other_names_index @@ to_tsquery('danbooru', ?)", Artist.normalize_name(string))
+      where("other_names_index @@ to_tsquery('danbooru', E?)", Artist.normalize_name(string).to_escaped_for_tsquery)
    end
    
    def group_name_matches(name)
@@ -225,8 +225,8 @@ class Artist < ActiveRecord::Base
    
    def any_name_matches(name)
      stripped_name = normalize_name(name).to_escaped_for_sql_like
-      name_for_tsquery = normalize_name(name).gsub(/\(/, "\\(").gsub(/\)/, "\\)")
-      where("(name LIKE ? ESCAPE E'\\\\' OR other_names_index @@ to_tsquery('danbooru', ?))", stripped_name, name_for_tsquery)
+      name_for_tsquery = normalize_name(name).to_escaped_for_tsquery
+      where("(name LIKE ? ESCAPE E'\\\\' OR other_names_index @@ to_tsquery('danbooru', E?))", stripped_name, name_for_tsquery)
    end
    
    def search(params)
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -16,7 +16,7 @@ class Comment < ActiveRecord::Base
    end
    
    def body_matches(query)
-      where("body_index @@ plainto_tsquery(?)", query).order("comments.id DESC")
+      where("body_index @@ plainto_tsquery(?)", query.to_escaped_for_tsquery_split).order("comments.id DESC")
    end
    
    def hidden(user)
@@ -28,7 +28,7 @@ class Comment < ActiveRecord::Base
    end
    
    def post_tags_match(query)
-      joins(:post).where("posts.tag_index @@ to_tsquery('danbooru', E?)", query)
+      joins(:post).where("posts.tag_index @@ to_tsquery('danbooru', ?)", query.to_escaped_for_tsquery_split)
    end
    
    def for_creator(user_id)
--- a/app/models/dmail.rb
+++ b/app/models/dmail.rb
@@ -99,7 +99,7 @@ class Dmail < ActiveRecord::Base
    end
    
    def search_message(query)
-      where("message_index @@ plainto_tsquery(?)", query)
+      where("message_index @@ plainto_tsquery(?)", query.to_escaped_for_tsquery_split)
    end
    
    def unread
--- a/app/models/forum_post.rb
+++ b/app/models/forum_post.rb
@@ -13,7 +13,7 @@ class ForumPost < ActiveRecord::Base
  
  module SearchMethods
    def body_matches(body)
-      where("forum_posts.text_index @@ plainto_tsquery(?)", body)
+      where("forum_posts.text_index @@ plainto_tsquery(E?)", body.to_escaped_for_tsquery)
    end
    
    def for_user(user_id)
@@ -41,7 +41,7 @@ class ForumPost < ActiveRecord::Base
      end
      
      if params[:topic_title_matches].present?
-        q = q.joins(:topic).where("forum_topics.text_index @@ plainto_tsquery(?)", params[:topic_title_matches])
+        q = q.joins(:topic).where("forum_topics.text_index @@ plainto_tsquery(E?)", params[:topic_title_matches].to_escaped_for_tsquery_split)
      end
      
      if params[:body_matches].present?
--- a/app/models/forum_topic.rb
+++ b/app/models/forum_topic.rb
@@ -14,7 +14,7 @@ class ForumTopic < ActiveRecord::Base
  
  module SearchMethods
    def title_matches(title)
-      where("text_index @@ plainto_tsquery(?)", title)
+      where("text_index @@ plainto_tsquery(E?)", title.to_escaped_for_tsquery_split)
    end
    
    def active
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -19,11 +19,11 @@ class Note < ActiveRecord::Base
    end
    
    def body_matches(query)
-      where("body_index @@ plainto_tsquery(?)", query.scan(/\S+/).join(" & "))
+      where("body_index @@ plainto_tsquery(E?)", query.to_escaped_for_tsquery_split)
    end
    
    def post_tags_match(query)
-      joins(:post).where("posts.tag_index @@ to_tsquery('danbooru', ?)", query)
+      joins(:post).where("posts.tag_index @@ to_tsquery('danbooru', E?)", query.to_escaped_for_tsquery_split)
    end
    
    def creator_name(name)
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -938,8 +938,7 @@ class Post < ActiveRecord::Base
    end
    
    def raw_tag_match(tag)
-      tag = PostQueryBuilder.escape_string_for_tsquery(tag)
-      where("posts.tag_index @@ to_tsquery('danbooru', E'" + tag + "')")
+      where("posts.tag_index @@ to_tsquery('danbooru', E?)", tag.to_escaped_for_tsquery)
    end
    
    def tag_match(query)
--- a/app/models/wiki_page.rb
+++ b/app/models/wiki_page.rb
@@ -21,7 +21,7 @@ class WikiPage < ActiveRecord::Base
    end
    
    def body_matches(query)
-      where("body_index @@ plainto_tsquery(?)", query.scan(/\S+/).join(" & "))
+      where("body_index @@ plainto_tsquery(?)", query.to_escaped_for_tsquery_split)
    end

    def search(params = {})