From c409b9b17fc2755812f3fcd285ad47462edf309c Mon Sep 17 00:00:00 2001 From: Erik Gaal Date: Fri, 12 Apr 2019 16:01:04 +0200 Subject: [PATCH] Use preg_quote to escape special characters instead of removing them --- src/Traits/SearchesQueries.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Traits/SearchesQueries.php b/src/Traits/SearchesQueries.php index 6f59987e..887e1453 100644 --- a/src/Traits/SearchesQueries.php +++ b/src/Traits/SearchesQueries.php @@ -37,7 +37,7 @@ protected function applySearch(Builder $query, array $args) $fields = $args['fields']; $relations = $this->modelSchema->getRelationFields(); - $qualifiedNeedle = preg_replace('/[*&|:\']+/', ' ', $needle); + $qualifiedNeedle = preg_quote($needle); foreach ($fields as $key => $value) { if ($relations->keys()->contains($key)) { @@ -56,7 +56,7 @@ protected function applySearch(Builder $query, array $args) if ($grammar instanceof Grammars\PostgresGrammar) { $dictionary = config('bakery.postgresDictionary'); $fields = implode(', ', $this->tsFields); - $query->whereRaw("to_tsvector('${dictionary}', concat_ws(' ', ".$fields.")) @@ to_tsquery('${dictionary}', ?)", ["'$qualifiedNeedle':*"]); + $query->whereRaw("to_tsvector('${dictionary}', concat_ws(' ', ".$fields.")) @@ to_tsquery('${dictionary}', ?)", ["'{$qualifiedNeedle}':*"]); } return $query;