From 77be14f50716da4a6ac454d4a943c8268895a437 Mon Sep 17 00:00:00 2001
From: Bryce Lampe <brycelampe@gmail.com>
Date: Mon, 29 Jul 2013 18:45:16 -0700
Subject: [PATCH] should probably escape that query, huh...

---
 tracadvsearch/backend.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/tracadvsearch/backend.py b/tracadvsearch/backend.py
index dc74fc6..2404c41 100644
--- a/tracadvsearch/backend.py
+++ b/tracadvsearch/backend.py
@@ -101,14 +101,15 @@ def query_backend(self, criteria):
 
 		# distribute our search query to several fields
 		if 'q' in criteria:
+			q = self.escape(criteria['q'])
 			field_parts = []
-			field_parts.append('token_text:(%(q)s)' % criteria)
-			field_parts.append('name:(%(q)s)^3' % criteria)
-			field_parts.append('component:(%(q)s)^0.1' % criteria)
-			field_parts.append('milestone:(%(q)s)^0.1' % criteria)
-			field_parts.append('keywords:(%(q)s)^0.1' % criteria)
+			field_parts.append('text:(%s)' % q)
+			field_parts.append('name:(%s)^3' % q)
+			field_parts.append('component:(%s)^0.1' % q)
+			field_parts.append('milestone:(%s)^0.1' % q)
+			field_parts.append('keywords:(%s)^0.1' % q)
 			# include only digits, but preserve whitespace
-			digit_query = re.sub('[^0-9 ]', '', criteria['q']).strip()
+			digit_query = re.sub('[^0-9 ]', '', q).strip()
 			if digit_query:
 				field_parts.append('ticket_id:(%s)' % digit_query)