From 9d29e1ac5b01fafccdf35a2e13efff39e0526f29 Mon Sep 17 00:00:00 2001
From: dbs
Date: Tue, 5 Apr 2011 03:22:16 +0000
Subject: [PATCH] Prevent patron search from returning horrible errors on regexian input
Add a utility method, _clean_regex_chars(), to filter common regex characters out of input values. When these characters are passed to database SIMILAR searches, strange things (generally ugly errors) can happen - so filter them out.
git-svn-id: svn://svn.open-ils.org/ILS/trunk@19983 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 .../lib/OpenILS/Application/Storage/Publisher/actor.pm | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Publisher/actor.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Publisher/actor.pm
index 3c6543a0e..6f8c498e7 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Publisher/actor.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Publisher/actor.pm
@@ -613,6 +613,12 @@ __PACKAGE__->register_method(
 NOTE
 );
+sub _clean_regex_chars {
+ my ($search) = @_;
+
+ $search =~ tr/\\.[]()?*+{}^$//d;
+ return $search;
+}
 sub patron_search {
 my $self = shift;
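Review bot: The character set deleted in `_clean_regex_chars` leaves `|` in place, and the cleaned values are bound to `~` matches in the second hunk, where `|` is still alternation. A value containing it is therefore no longer a plain `^`-anchored prefix match, and can match rows the anchor was meant to exclude. Adding it to the set closes that gap: `$search =~ tr/\\.[]()?*+{}^$|//d;`. The helper also deserves a one-line comment such as `# Deletes (does not escape) regex metacharacters before the value is bound to a ~ match`, so maintainers know typed punctuation is dropped rather than matched literally.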
@@ -642,15 +648,15 @@ sub patron_search {
 # group 3 = barcode
 my $usr = join ' AND ', map { "evergreen.lowercase(CAST($_ AS text)) ~ ?" } grep { ''.$$search{$_}{group} eq '0' } keys %$search;
- my @usrv = map { "^" . $$search{$_}{value} } grep { ''.$$search{$_}{group} eq '0' } keys %$search;
+ my @usrv = map { "^" . _clean_regex_chars($$search{$_}{value}) } grep { ''.$$search{$_}{group} eq '0' } keys %$search;
 my $addr = join ' AND ', map { "evergreen.lowercase(CAST($_ AS text)) ~ ?" } grep { ''.$$search{$_}{group} eq '1' } keys %$search;
- my @addrv = map { "^" . $$search{$_}{value} } grep { ''.$$search{$_}{group} eq '1' } keys %$search;
+ my @addrv = map { "^" . _clean_regex_chars($$search{$_}{value}) } grep { ''.$$search{$_}{group} eq '1' } keys %$search;
- my $pv = $$search{phone}{value};
- my $iv = $$search{ident}{value};
- my $nv = $$search{name}{value};
- my $cv = $$search{card}{value};
+ my $pv = _clean_regex_chars($$search{phone}{value});
+ my $iv = _clean_regex_chars($$search{ident}{value});
+ my $nv = _clean_regex_chars($$search{name}{value});
+ my $cv = _clean_regex_chars($$search{card}{value});
 my $card = '';
 if ($cv) {
--
2.11.0
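Review bot: `$$search{phone}{value}` and its three siblings are undef whenever the caller omits that field (the `if ($cv)` test just below suggests they are optional), and they now pass through `tr///` in `_clean_regex_chars`. If warnings are enabled in this module, each omitted field emits "Use of uninitialized value" on every search. A guard at the top of the helper, `return $search unless defined $search;`, keeps the earlier behaviour of letting undef through untouched. patron_search begins before this hunk and continues after it, so how `$pv`, `$iv`, `$nv` and `$cv` reach the query is not visible here and should be checked against the same metacharacter set.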