From 54dc7f28ca47f011ea417043a35a0e260e21dab5 Mon Sep 17 00:00:00 2001
From: Dave Ward <left@alfresco.com>
Date: Thu, 8 Apr 2010 17:50:47 +0000
Subject: [PATCH] ALF-2014: Keyword Search web script can confuse search terms
 with operators - Because it didn't quote and escape the search terms

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@19780 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../search/keywordsearch.get.query_.ftl          |  4 ++--
 .../repo/web/scripts/bean/KeywordSearch.java     | 16 +++++++++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/search/keywordsearch.get.query_.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/search/keywordsearch.get.query_.ftl
index f86c337d17..b9c6b87c63 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/search/keywordsearch.get.query_.ftl
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/search/keywordsearch.get.query_.ftl
@@ -2,10 +2,10 @@
   TYPE:"{http://www.alfresco.org/model/content/1.0}content" AND 
   (
 <#list 1..terms?size as i>
-      @\{http\://www.alfresco.org/model/content/1.0\}name:${terms[i - 1]}
+      @\{http\://www.alfresco.org/model/content/1.0\}name:"${terms[i - 1]}"
 </#list>
 <#list 1..terms?size as i>
-      TEXT:${terms[i - 1]}
+      TEXT:"${terms[i - 1]}"
 </#list>
   )
 )
\ No newline at end of file
diff --git a/source/java/org/alfresco/repo/web/scripts/bean/KeywordSearch.java b/source/java/org/alfresco/repo/web/scripts/bean/KeywordSearch.java
index 670ae9e705..96f6327635 100644
--- a/source/java/org/alfresco/repo/web/scripts/bean/KeywordSearch.java
+++ b/source/java/org/alfresco/repo/web/scripts/bean/KeywordSearch.java
@@ -25,26 +25,25 @@ import java.util.HashMap;
 import java.util.Locale;
 import java.util.Map;
 
-import org.springframework.extensions.surf.util.I18NUtil;
 import org.alfresco.repo.template.TemplateNode;
 import org.alfresco.repo.web.scripts.RepositoryImageResolver;
 import org.alfresco.service.ServiceRegistry;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.StoreRef;
-import org.alfresco.service.cmr.repository.TemplateException;
 import org.alfresco.service.cmr.search.ResultSet;
 import org.alfresco.service.cmr.search.SearchParameters;
 import org.alfresco.service.cmr.search.SearchService;
 import org.alfresco.util.GUID;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.lucene.queryParser.QueryParser;
+import org.springframework.extensions.surf.util.I18NUtil;
 import org.springframework.extensions.surf.util.ParameterCheck;
 import org.springframework.extensions.surf.util.URLEncoder;
 import org.springframework.extensions.webscripts.DeclarativeWebScript;
 import org.springframework.extensions.webscripts.Status;
 import org.springframework.extensions.webscripts.WebScriptException;
 import org.springframework.extensions.webscripts.WebScriptRequest;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.util.StringUtils;
 
 
 /**
@@ -163,6 +162,13 @@ public class KeywordSearch extends DeclarativeWebScript
         {
             // construct search statement
             String[] terms = searchTerms.split(" "); 
+
+            // Escape special characters in the terms, so that they can't confuse the parser 
+            for (int i=0; i<terms.length; i++) 
+            { 
+                terms[i] = QueryParser.escape(terms[i]); 
+            } 
+
             Map<String, Object> statementModel = new HashMap<String, Object>(7, 1.0f);
             statementModel.put("args", createArgs(req));
             statementModel.put("terms", terms);