search: add unaliased:<tag> metatag.

* Add unaliased:<tag> metatag. This allows you to search for a tag
  without applying aliases. This is mainly useful for debugging purposes
  and for searching for large tags that are in the process of being
  aliased but haven't had all their posts moved yet.

* Remove the "raw" url param from the posts index page. The "raw" param
  also caused the search to ignore aliases, but it was undocumented and
  exploitable. It was possible to use the raw param to view private
  favorites since favorites are treated like a hidden tag.

app/logical/post_query_builder.rb

@@ -24,6 +24,7 @@ class PostQueryBuilder
     ordpool note comment commentary id rating locked source status filetype
     disapproved parent child search embedded md5 width height mpixels ratio
     score favcount filesize date age order limit tagcount pixiv_id pixiv
+    unaliased
   ] + COUNT_METATAGS + COUNT_METATAG_SYNONYMS + CATEGORY_COUNT_METATAGS
 
   ORDER_METATAGS = %w[
@@ -157,6 +158,8 @@ class PostQueryBuilder
       favorites_include(value)
     when "ordfav"
       ordfav_matches(value)
+    when "unaliased"
+      unaliased_matches(value)
     when "user"
       user_matches(:uploader, value)
     when "approver"
@@ -198,6 +201,15 @@ class PostQueryBuilder
     Post.where("posts.tag_index @@ to_tsquery('danbooru', E?)", query)
   end
 
+  def unaliased_matches(tag)
+    # don't let users use unaliased:fav:1 to view private favorites
+    if tag =~ /\Afav:\d+\z/
+      Post.none
+    else
+      tags_include(tag)
+    end
+  end
+
   def attribute_matches(value, field, type = :integer)
     operator, *args = parse_metatag_value(value, type)
     Post.where_operator(field, operator, *args)