From: Aron Roberts
Date: Fri, 18 Jan 2013 00:04:20 +0000 (-0800)
Subject: CSPACE-5828: Filter out advanced search queries consisting of only a single SQL wildc...
X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=ee0e36d3dc9784f4ea4feb58ae113d274041066e;p=tmp%2Fjakarta-migration.git
CSPACE-5828: Filter out advanced search queries consisting of only a single SQL wildcard character.
---
diff --git a/services/common/src/main/java/org/collectionspace/services/common/query/nuxeo/QueryManagerNuxeoImpl.java b/services/common/src/main/java/org/collectionspace/services/common/query/nuxeo/QueryManagerNuxeoImpl.java
index 20baf0c63..6ed215d30 100644
--- a/services/common/src/main/java/org/collectionspace/services/common/query/nuxeo/QueryManagerNuxeoImpl.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/query/nuxeo/QueryManagerNuxeoImpl.java
@@ -68,6 +68,8 @@ public class QueryManagerNuxeoImpl implements IQueryManager {
 // HACK to work around Nuxeo regression that tokenizes on '.'.
 private static Pattern kwdSearchProblemChars = Pattern.compile("[\\:\\(\\)\\*\\%\\.]");
 private static Pattern kwdSearchHyphen = Pattern.compile(" - ");
+ private static Pattern advSearchSqlWildcard = Pattern.compile(".*?[I]*LIKE\\s*\\\"\\%\\\".*?");
+
 private static String getLikeForm(String dataSourceName, String repositoryName) {
 if (SEARCH_LIKE_FORM == null) {
@@ -84,6 +86,7 @@ public class QueryManagerNuxeoImpl implements IQueryManager {
 }
 return SEARCH_LIKE_FORM;
 }
+ private String SQL_WILDCARD_CHAR = "%";
 @Override
 public String getDatasourceName() {
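Review bot: The `advSearchSqlWildcard` pattern added in the first hunk does not implement what the commit title describes: the leading and trailing `.*?` make it match any advanced search that contains `LIKE "%"` anywhere, so a multi-criteria query such as `a = "x" AND b LIKE "%"` is discarded as a whole, while a wildcard-only search spelled `like '%'` or `LIKE "%%"` is not recognised because the match is case-sensitive and accepts only double quotes. If advanced-search terms have the form `<field> <operator> <value>` (not visible here), anchoring the pattern to one such term is closer to the intent, e.g. `Pattern.compile("^\\s*\\S+\\s+I?LIKE\\s*([\"'])%+\\1\\s*$", Pattern.CASE_INSENSITIVE)`. `[I]*` also accepts any number of `I` characters; `I?` expresses the optional `ILIKE` prefix. The field should be `private static final` like a compiled pattern normally is, with a comment stating which inputs it is meant to reject.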
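Review bot: `SQL_WILDCARD_CHAR` in the second hunk is a mutable, non-static instance field named like a constant, and nothing in this commit reads it; declare it `private static final String SQL_WILDCARD_CHAR = "%";`. If it is meant to be the single source of the wildcard character, move it above `advSearchSqlWildcard` (a static initializer cannot forward-reference a later static field) and build the pattern from `Pattern.quote(SQL_WILDCARD_CHAR)` rather than repeating `%` in the regex.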
@@ -135,9 +138,14 @@ public class QueryManagerNuxeoImpl implements IQueryManager {
 public String createWhereClauseFromAdvancedSearch(String advancedSearch) {
 String result = null;
 //
- // Process search term. FIXME: REM - Do we need to perform and string filtering here?
+ // Process search term. FIXME: REM - Do we need to perform any string filtering here?
 //
 if (advancedSearch != null && !advancedSearch.isEmpty()) {
+ // Filtering of advanced searches on a single '%' char, per CSPACE-5828
+ Matcher regexMatcher = advSearchSqlWildcard.matcher(advancedSearch.trim());
+ if (regexMatcher.matches()) {
+ return "";
+ }
 StringBuffer advancedSearchWhereClause = new StringBuffer(
 advancedSearch);
 result = advancedSearchWhereClause.toString();
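Review bot: The early `return ""` in `createWhereClauseFromAdvancedSearch` silently drops the search and leaves no trace that filtering happened, so an operator looking at an unexpectedly empty result cannot distinguish a filtered query from an empty one; if the class has a logger, record it at debug level before returning, e.g. `logger.debug("Ignoring advanced search consisting only of a SQL wildcard: {}", advancedSearch);`. The new check is a denylist for exactly one pattern, while the lines that follow still copy `advancedSearch` verbatim into the WHERE clause, so the FIXME that the hunk reworded remains open rather than answered; the added comment should say so, e.g. `// Only the single-wildcard case is rejected here; the rest of the string is passed through unvalidated.` The method body continues outside the hunk, so where `result` is eventually returned is not visible here.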