Merge pull request #440 from iBug/escape-search

Escape "%" and "_" in non-regex search
Charcoal-SE · May 28, 2018 · 8d33ca9 · 8d33ca9
2 parents 1823ad5 + d11355b
commit 8d33ca9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/helpers/search_helper.rb b/app/helpers/search_helper.rb
@@ -22,7 +22,7 @@ def self.parse_search_params(params, symbol, user)
       regex_support.each { |k, v| input = input.gsub(k, v) }
     else
       operation = 'LIKE'
-      input = '%' + input + '%'
+      input = '%' + ActiveRecord::Base.sanitize_sql_like(input) + '%'
     end
 
     [input, operation]