From 08a316f96828120c2bb959bbea1262b3b02fa4f1 Mon Sep 17 00:00:00 2001
From: Thomas Schmidt
Date: Mon, 6 Dec 2010 15:46:50 +0100
Subject: [PATCH] change escaping (bnc#630988)
---
 app/controllers/search_controller.rb | 4 ++--
 app/models/seeker.rb | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index e59c10b..c1e20d8 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -34,7 +34,7 @@ class SearchController < ApplicationController
 base = @baseproject=="ALL" ? "" : @baseproject
 begin
- @result = Seeker.prepare_result(CGI.escape(@query).gsub("+", " "), base, @project, @exclude_filter, @exclude_debug)
+ @result = Seeker.prepare_result(@query, base, @project, @exclude_filter, @exclude_debug)
 if @current_page == 1 # ignore sub pages
 SearchHistory.create :query => @query, :base => @baseproject, :patterns => @result.pattern_count, :binaries => @result.binary_count, :count => @result.length
@@ -42,7 +42,7 @@ class SearchController < ApplicationController
 rescue => e
 search_error, code, api_exception = ActiveXML::Transport.extract_error_message e
 if code == "413"
- @result = Seeker.prepare_result(CGI.escape("\"#{@query}\"").gsub("+", " "), base, @project, @exclude_filter, @exclude_debug)
+ @result = Seeker.prepare_result(@query, base, @project, @exclude_filter, @exclude_debug)
 unless @result.blank?
 flash.now[:note] = _("Switched to exact match due to too many hits on substring search.")
 else
diff --git a/app/models/seeker.rb b/app/models/seeker.rb
index 49708fa..f918173 100644
--- a/app/models/seeker.rb
+++ b/app/models/seeker.rb
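Review bot: In search_controller.rb's first hunk, nothing at the call inside `begin` records that `@query` now goes to the model unescaped and that neutralising it has moved into the model (the `gsub` added to `Seeker.search`, assuming `prepare_result` routes through it, which this patch does not show). A later caller of `prepare_result` could assume the controller still escapes. I would add a comment above the call, e.g. `# @query is passed raw; Seeker.search strips quotes and parentheses before building the XPath`. The enclosing action starts and ends outside the hunk.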
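Review bot: In search_controller.rb's second hunk, the `code == "413"` fallback now calls `Seeker.prepare_result(@query, base, @project, @exclude_filter, @exclude_debug)` with exactly the arguments of the first attempt, so the retry repeats the request that was just rejected and the "Switched to exact match" flash no longer describes what happens. The removed line got the exact match by wrapping the query in double quotes, which the `gsub(/['"()]/, "")` added in seeker.rb would now strip. Either give the model an explicit exact-match option and pass it here, or drop the retry and the flash and fall through to the error path. The `rescue` branch continues outside the hunk.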
@@ -25,6 +25,7 @@ class Seeker < ActiveXML::Base
 class SearchResult < Array
 def self.search(query, baseproject, project=nil, exclude_filter=nil, exclude_debug=false)
+ query = query.gsub(/['"()]/, "")
 words = query.split(" ").select {|part| !part.match(/^[0-9_\.-]+$/) }
 versions = query.split(" ").select {|part| part.match(/^[0-9_\.-]+$/) }
 logger.debug "splitted words and version: #{words.inspect} #{versions.inspect}"
@@ -39,7 +40,7 @@ class Seeker < ActiveXML::Base
 xpath += " and @project = '#{project}' " unless project.blank?
 xpath += " and not(contains-ic(@name, '-debuginfo')) and not(contains-ic(@name, '-debugsource'))" if exclude_debug
 xpath += " and not(contains-ic(@project, '#{exclude_filter}'))" unless exclude_filter.blank?
-
+
 bin = Seeker.find :binary, :match => xpath
 pat = Seeker.find :pattern, :match => xpath
 result = new(query)
--
2.1.4
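Review bot: In seeker.rb's first hunk, `query = query.gsub(/['"()]/, "")` neutralises only `query`, while the context lines of the second hunk still interpolate `project` and `exclude_filter` into single-quoted XPath literals (`'#{project}'`, `'#{exclude_filter}'`), so a `'` in either value can still change the expression passed to `Seeker.find` — an XPath injection if those arguments come from request parameters, as the controller's `@project` and `@exclude_filter` suggest. Apply the same treatment before the `xpath +=` lines: `project = project.gsub(/['"()]/, "") unless project.blank?` and `exclude_filter = exclude_filter.gsub(/['"()]/, "") unless exclude_filter.blank?`, ideally through one shared helper. The new line also raises `NoMethodError` when `query` is nil; `query.to_s.gsub(...)` avoids that. `self.search` continues outside both hunks.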