diff --git a/app/models/concerns/searchable_by_name_model.rb b/app/models/concerns/searchable_by_name_model.rb
index a7d05a805..c2e4905d4 100644
--- a/app/models/concerns/searchable_by_name_model.rb
+++ b/app/models/concerns/searchable_by_name_model.rb
@@ -40,12 +40,11 @@ module SearchableByNameModel
 def self.search_by_search_fields_with_boolean(user, teams = [], query = nil, search_fields = [], options = {})
 return if user.blank? || teams.blank?
- sanitized_query = ActiveRecord::Base.sanitize_sql_like(query.to_s)
 sql_q = if options[:fetch_latest_versions]
 viewable_by_user(user, teams, options)
- .where_attributes_like_boolean(search_fields, sanitized_query, options)
+ .where_attributes_like_boolean(search_fields, query, options)
 else
- viewable_by_user(user, teams).where_attributes_like_boolean(search_fields, sanitized_query, options)
+ viewable_by_user(user, teams).where_attributes_like_boolean(search_fields, query, options)
 end
 sql_q.limit(options[:limit] || Constants::SEARCH_LIMIT)
diff --git a/app/models/concerns/searchable_model.rb b/app/models/concerns/searchable_model.rb
index 4254894e1..5de3a8427 100644
--- a/app/models/concerns/searchable_model.rb
+++ b/app/models/concerns/searchable_model.rb
@@ -174,7 +174,6 @@ module SearchableModel
 end
 def self.create_query_clause(attrs, index, negate, query_clauses, value_hash, phrase, current_operator)
- phrase = sanitize_sql_like(phrase)
 exact_match = phrase =~ /^".*"$/
 like = exact_match ? '~' : 'ILIKE'
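Review bot: In `search_by_search_fields_with_boolean` (searchable_by_name_model.rb) `query` is now forwarded unchanged, which drops the `query.to_s` coercion together with the LIKE escaping, although the signature still defaults `query = nil`. Whether `where_attributes_like_boolean` tolerates `nil` is not visible in this hunk, so either pass `query.to_s` at both call sites or confirm the callee handles it. Wildcard escaping of user input now appears to happen only downstream in `create_query_clause`, so a comment such as `# query is passed raw; LIKE/regex escaping is applied in create_query_clause` would keep a later caller from assuming the value is already sanitized. The method body continues past the end of the hunk.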
@@ -205,9 +204,9 @@ module SearchableModel
 if DATA_VECTOR_ATTRIBUTES.include?(attribute)
 new_phrase = Regexp.escape(new_phrase.gsub(/[!()&|:<]/, ' ').strip).split(/\s+/)
 new_phrase.map! { |t| "#{t}:*" } unless exact_match
- new_phrase = new_phrase.join('&').tr('\'', '"')
+ new_phrase = sanitize_sql_like(new_phrase.join('&').tr('\'', '"'))
 else
- new_phrase = Regexp.escape(new_phrase)
+ new_phrase = sanitize_sql_like(Regexp.escape(new_phrase))
 new_phrase = exact_match ? "(^|\\s)#{new_phrase}(\\s|$)" : "%#{new_phrase}%"
 end
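Review bot: In the `else` branch, `sanitize_sql_like(Regexp.escape(new_phrase))` stacks LIKE escaping on top of regex escaping, although only one pattern language applies per call: the earlier hunk sets `like = exact_match ? '~' : 'ILIKE'`. Every backslash that `Regexp.escape` inserts is doubled by `sanitize_sql_like`, so a term such as `a.b` becomes `a\\.b` and would match a literal backslash instead of the dot, while on the `~` path the `%`/`_` escaping serves no purpose. Escaping per operator keeps user-supplied wildcards literal without that interaction: `new_phrase = exact_match ? Regexp.escape(new_phrase) : sanitize_sql_like(new_phrase)`. In the `DATA_VECTOR_ATTRIBUTES` branch the string looks like a tsquery (`term:*` joined with `&`), where LIKE escaping presumably only adds stray backslashes; how it is consumed is outside this hunk, so confirm that before keeping `sanitize_sql_like` there.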