From ee0e36d3dc9784f4ea4feb58ae113d274041066e Mon Sep 17 00:00:00 2001
From: Aron Roberts
Date: Thu, 17 Jan 2013 16:04:20 -0800
Subject: [PATCH] CSPACE-5828: Filter out advanced search queries consisting of only a single SQL wildcard character.
---
 .../common/query/nuxeo/QueryManagerNuxeoImpl.java | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/services/common/src/main/java/org/collectionspace/services/common/query/nuxeo/QueryManagerNuxeoImpl.java b/services/common/src/main/java/org/collectionspace/services/common/query/nuxeo/QueryManagerNuxeoImpl.java
index 20baf0c63..6ed215d30 100644
--- a/services/common/src/main/java/org/collectionspace/services/common/query/nuxeo/QueryManagerNuxeoImpl.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/query/nuxeo/QueryManagerNuxeoImpl.java
@@ -68,6 +68,8 @@ public class QueryManagerNuxeoImpl implements IQueryManager {
 // HACK to work around Nuxeo regression that tokenizes on '.'.
 private static Pattern kwdSearchProblemChars = Pattern.compile("[\\:\\(\\)\\*\\%\\.]");
 private static Pattern kwdSearchHyphen = Pattern.compile(" - ");
+ private static Pattern advSearchSqlWildcard = Pattern.compile(".*?[I]*LIKE\\s*\\\"\\%\\\".*?");
+
 private static String getLikeForm(String dataSourceName, String repositoryName) {
 if (SEARCH_LIKE_FORM == null) {
@@ -84,6 +86,7 @@ public class QueryManagerNuxeoImpl implements IQueryManager {
 }
 return SEARCH_LIKE_FORM;
 }
+ private String SQL_WILDCARD_CHAR = "%";
 @Override
 public String getDatasourceName() {
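Review bot: The regex on the `+ private static Pattern advSearchSqlWildcard` line matches any search that contains `LIKE "%"` anywhere, not one consisting only of a single wildcard as the subject line states, because `.*?` is unanchored at both ends and the later hunk pairs it with `matches()`; a compound term such as `a LIKE "%" AND b = "x"` would be discarded whole and, since the caller then receives `""`, the `b = "x"` constraint is silently lost and the result set widens. `[I]*` also accepts `IILIKE`, and the leading `.*?` lets `NOT LIKE "%"` match too — if the query language accepts that form, a match-nothing query becomes an unfiltered one. Only the double-quoted form `"%"` is recognised, and the `SQL_WILDCARD_CHAR` field introduced in the next hunk is not used to build the expression. Something along the lines of `Pattern.compile("^\\S+\\s+I?LIKE\\s*[\"']%[\"']$")` (adjusted to whatever field-name syntax the advanced-search terms actually use — confirm against the callers) would keep the check to a single wildcard-only term, and the field should be `private static final`. The class body continues outside the hunk.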
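Review bot: `+ private String SQL_WILDCARD_CHAR = "%";` is named like a constant but declared as a mutable instance field, and nothing in this patch reads it — the pattern in the previous hunk hard-codes `\\%` instead. Either drop it or make it `private static final String SQL_WILDCARD_CHAR = "%";` and build the pattern from it so the two cannot drift apart. The surrounding methods (`getLikeForm` above, `getDatasourceName` below) start and end outside the hunk.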
@@ -135,9 +138,14 @@ public class QueryManagerNuxeoImpl implements IQueryManager {
 public String createWhereClauseFromAdvancedSearch(String advancedSearch) {
 String result = null;
 //
- // Process search term. FIXME: REM - Do we need to perform and string filtering here?
+ // Process search term. FIXME: REM - Do we need to perform any string filtering here?
 //
 if (advancedSearch != null && !advancedSearch.isEmpty()) {
+ // Filtering of advanced searches on a single '%' char, per CSPACE-5828
+ Matcher regexMatcher = advSearchSqlWildcard.matcher(advancedSearch.trim());
+ if (regexMatcher.matches()) {
+ return "";
+ }
 StringBuffer advancedSearchWhereClause = new StringBuffer( advancedSearch);
 result = advancedSearchWhereClause.toString();
-- 
2.47.3
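Review bot: The early `return "";` in `createWhereClauseFromAdvancedSearch` introduces a third outcome alongside `result`, which starts as `null` and is presumably still `null` when the input is null or empty; a caller that tests the return with `== null` to mean "no where clause" will see the filtered case as a non-null empty clause, so confirm every caller treats `""` and `null` alike, or return `result` unchanged instead. The `Matcher` local adds nothing and the diffstat shows no import hunk, so `if (advSearchSqlWildcard.matcher(advancedSearch.trim()).matches()) {` is shorter and does not depend on `java.util.regex.Matcher` already being imported. This check is a single-pattern filter, not input validation: the raw `advancedSearch` is still copied verbatim into the where clause on the `StringBuffer` line, so the FIXME about string filtering on the line above remains open. The method body ends outside the hunk.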