summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDave Hall <dave@etianen.com>2017-09-27 09:24:45 (GMT)
committerDave Hall <dave@etianen.com>2017-09-27 09:24:45 (GMT)
commit7b35ba0c7667365e47ed98d61d6337d45d6ef493 (patch)
treeac9d6e4efb1a33b01260b39a83980bdea19940cb
parent11784a5cc7c67036f3361b98683e863493f70c00 (diff)
downloaddjango-watson-7b35ba0c7667365e47ed98d61d6337d45d6ef493.zip
django-watson-7b35ba0c7667365e47ed98d61d6337d45d6ef493.tar.gz
django-watson-7b35ba0c7667365e47ed98d61d6337d45d6ef493.tar.bz2
Fixing escaping of <> characters in postgres. Closes #219
-rw-r--r--tests/test_watson/tests.py33
-rw-r--r--watson/backends.py2
2 files changed, 6 insertions, 29 deletions
diff --git a/tests/test_watson/tests.py b/tests/test_watson/tests.py
index 82121a8..adbea5d 100644
--- a/tests/test_watson/tests.py
+++ b/tests/test_watson/tests.py
@@ -10,7 +10,7 @@ these tests have been amended to 'fooo' and 'baar'. Ho hum.
from __future__ import unicode_literals
import json
-import re
+import string
try:
from unittest import skipUnless
@@ -26,7 +26,6 @@ from django.utils.encoding import force_text
from watson import search as watson
from watson.models import SearchEntry
-from watson.backends import escape_query
from test_watson.models import WatsonTestModel1, WatsonTestModel2
from test_watson import admin # Force early registration of all admin models. # noQA
@@ -48,32 +47,6 @@ class RegistrationTest(TestCase):
self.assertRaises(watson.RegistrationError, lambda: isinstance(watson.get_adapter(WatsonTestModel1)))
-class EscapingTest(TestCase):
- def testEscaping(self):
- # Test query escaping.
- re_escape_chars = re.compile(r'[&:"(|)!><~*+-]', re.UNICODE)
- self.assertEqual(escape_query("", re_escape_chars), "")
- self.assertEqual(escape_query("abcd", re_escape_chars), "abcd")
- self.assertEqual(escape_query("abcd efgh", re_escape_chars), "abcd efgh")
- self.assertEqual(escape_query("abcd efgh", re_escape_chars), "abcd efgh")
- self.assertEqual(escape_query("&&abcd&", re_escape_chars), "abcd")
-
- # check if we leave good characters
- good_chars = "'$@#$^=_.,"
- for char in good_chars:
- self.assertEqual(
- escape_query("abcd{}efgh".format(char), re_escape_chars),
- "abcd{}efgh".format(char)
- )
-
- # now the ones where we replace harmful characters
- bad_chars = '&:"(|)!><~*+-'
- for char in bad_chars:
- self.assertEqual(
- escape_query("abcd{}efgh".format(char), re_escape_chars), "abcd efgh"
- )
-
-
complex_registration_search_engine = watson.SearchEngine("restricted")
@@ -285,6 +258,10 @@ class InternalsTest(SearchTestBase):
class SearchTest(SearchTestBase):
+ def testEscaping(self):
+ # This must not crash the database with a syntax error.
+ list(watson.search(string.printable))
+
def emptySearchTextGivesNoResults(self):
self.assertEqual(watson.search("").count(), 0)
self.assertEqual(watson.search(" ").count(), 0)
diff --git a/watson/backends.py b/watson/backends.py
index 369f7a5..3cd3a65 100644
--- a/watson/backends.py
+++ b/watson/backends.py
@@ -23,7 +23,7 @@ def regex_from_word(word):
# PostgreSQL to_tsquery operators: ! & : ( ) |
-RE_POSTGRES_ESCAPE_CHARS = re.compile(r'[&:(|)!]', re.UNICODE)
+RE_POSTGRES_ESCAPE_CHARS = re.compile(r'[&:(|)!><]', re.UNICODE)
# MySQL boolean full-text search operators: > < ( ) " ~ * + -
RE_MYSQL_ESCAPE_CHARS = re.compile(r'["()><~*+-]', re.UNICODE)