Normalize query parameters so we can unmangle facebook's bad encodings

projectblacklight · Jul 13, 2020 · 43a5f23 · 43a5f23
1 parent f70bcbb
commit 43a5f23
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 6 deletions.
diff --git a/lib/blacklight/search_state.rb b/lib/blacklight/search_state.rb
@@ -16,20 +16,34 @@ class SearchState
     # @param [Blacklight::Config] blacklight_config
     # @param [ApplicationController] controller used for the routing helpers
     def initialize(params, blacklight_config, controller = nil)
+      @params = self.class.normalize_params(params)
+      @blacklight_config = blacklight_config
+      @controller = controller
+    end
+
+    def self.normalize_params(untrusted_params = {})
+      params = untrusted_params
+
       if params.respond_to?(:to_unsafe_h)
         # This is the typical (not-ActionView::TestCase) code path.
-        @params = params.to_unsafe_h
+        params = params.to_unsafe_h
         # In Rails 5 to_unsafe_h returns a HashWithIndifferentAccess, in Rails 4 it returns Hash
-        @params = @params.with_indifferent_access if @params.instance_of? Hash
+        params = params.with_indifferent_access if params.instance_of? Hash
       elsif params.is_a? Hash
         # This is an ActionView::TestCase workaround for Rails 4.2.
-        @params = params.dup.with_indifferent_access
+        params = params.dup.with_indifferent_access
       else
-        @params = params.dup.to_h.with_indifferent_access
+        params = params.dup.to_h.with_indifferent_access
       end
 
-      @blacklight_config = blacklight_config
-      @controller = controller
+      # Normalize facet parameters mangled by facebook
+      if params[:f].is_a?(Hash) && params[:f].values.any? { |x| x.is_a?(Hash) }
+        params[:f] = params[:f].transform_values do |value|
+          value.is_a?(Hash) ? value.values : value
+        end
+      end
+
+      params
     end
 
     def to_hash

diff --git a/spec/lib/blacklight/search_state_spec.rb b/spec/lib/blacklight/search_state_spec.rb
@@ -46,6 +46,14 @@
         expect(search_state.to_h).to eq data.with_indifferent_access
       end
     end
+
+    context 'with facebooks badly mangled query parameters' do
+      let(:params) { { f: { field: { '0': 'first', '1': 'second' } } } }
+
+      it 'normalizes the facets to the expected format' do
+        expect(search_state.to_h).to include f: { field: %w[first second] }
+      end
+    end
   end
 
   describe 'interface compatibility with params' do