Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove "<" and ">" as they cannot be escaped #1415

Merged
merged 4 commits into from
Nov 30, 2017
Merged

Remove "<" and ">" as they cannot be escaped #1415

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
51b2592
Remove "<" and ">" as they cannot be escaped
martin-georgiev Nov 21, 2017
10bb1e3
Update unit test
martin-georgiev Nov 21, 2017
12c2213
Update CHANGELOG.md
martin-georgiev Nov 22, 2017
9fa9fa1
Update method description
martin-georgiev Nov 29, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file based on the
### Backward Compatibility Breaks

### Bugfixes
- Characters "<" and ">" will be removed when a query term is passed to [`Util::escapeTerm`](https://github.com/ruflin/Elastica/pull/1415/files). Since v5.1 the [documentation](https://www.elastic.co/guide/en/elasticsearch/reference/5.1/query-dsl-query-string-query.html#_reserved_characters) states that these symbols cannot be escaped ever.

### Added

Expand Down
20 changes: 14 additions & 6 deletions lib/Elastica/Util.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,12 +72,12 @@ public static function escapeDateMath($requestUri)
}

/**
* Replace the following reserved words: AND OR NOT
* Replace known reserved words (e.g. AND OR NOT)
* and
* escapes the following terms: + - && || ! ( ) { } [ ] ^ " ~ * ? : \.
* escape known special characters (e.g. + - && || ! ( ) { } [ ] ^ " ~ * ? : etc.)
*
* @link http://lucene.apache.org/java/2_4_0/queryparsersyntax.html#Boolean%20operators
* @link http://lucene.apache.org/java/2_4_0/queryparsersyntax.html#Escaping%20Special%20Characters
* @link https://www.elastic.co/guide/en/elasticsearch/reference/5.1/query-dsl-query-string-query.html#_boolean_operators
* @link https://www.elastic.co/guide/en/elasticsearch/reference/5.1/query-dsl-query-string-query.html#_reserved_characters
*
* @param string $term Query term to replace and escape
*
Expand Down Expand Up @@ -106,11 +106,19 @@ public static function escapeTerm($term)
{
$result = $term;
// \ escaping has to be first, otherwise escaped later once again
$chars = ['\\', '+', '-', '&&', '||', '!', '(', ')', '{', '}', '[', ']', '^', '"', '~', '*', '?', ':', '/', '<', '>'];
$escapableChars = ['\\', '+', '-', '&&', '||', '!', '(', ')', '{', '}', '[', ']', '^', '"', '~', '*', '?', ':', '/'];

foreach ($chars as $char) {
foreach ($escapableChars as $char) {
$result = str_replace($char, '\\'.$char, $result);
}

// < and > cannot be escaped, so they should be removed
// @see https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#_reserved_characters
$nonEscapableChars = ['<', '>'];

foreach ($nonEscapableChars as $char) {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we should update line

Elastica/lib/Elastica/Util.php

Line 77 in e47dd0e

* escapes the following terms: + - && || ! ( ) { } [ ] ^ " ~ * ? : \.
in some way? Interestingly it already doesn't list < and >.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would drop the list of characters in the description of replaceBooleanWordsAndEscapeTerm. My reasoning is that it exposes the internal behaviour of the used submethods. The character list creates maintenance backlog as it is not something that the wrapper method replaceBooleanWordsAndEscapeTerm has control over at present.
Yet if you believe it adds value then it needs updating too. Are you looking at any particular wording?

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 on removing it. I'm good with most wordings :-)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The method description is updated. I believe we can move this PR forward now.

$result = str_replace($char, '', $result);
}

return $result;
}
Expand Down
2 changes: 1 addition & 1 deletion test/Elastica/UtilTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ public function getReplaceBooleanWordsPairs()
public function testEscapeTermSpecialCharacters()
{
$before = '\\+-&&||!(){}[]^"~*?:/<>';
$after = '\\\\\\+\\-\\&&\\||\\!\\(\\)\\{\\}\\[\\]\\^\\"\\~\\*\\?\\:\\/\<\>';
$after = '\\\\\\+\\-\\&&\\||\\!\\(\\)\\{\\}\\[\\]\\^\\"\\~\\*\\?\\:\\/';

$this->assertEquals(Util::escapeTerm($before), $after);
}
Expand Down