From 6d8494f7f6c9955b54634205dbbeb62e85c96f68 Mon Sep 17 00:00:00 2001
From: j2blake
Date: Fri, 11 Nov 2011 22:07:49 +0000
Subject: [PATCH] NIHVIVO-3298 Use SparqlQueryUtils.escapeForRegex() to properly handle special characters in the query term.

---
 .../controller/accounts/admin/ajax/ProfileAutoCompleter.java | 4 +++-
 .../accounts/manageproxies/ajax/BasicProfilesGetter.java | 4 +++-
 .../accounts/manageproxies/ajax/BasicProxiesGetter.java | 4 +++-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/ajax/ProfileAutoCompleter.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/ajax/ProfileAutoCompleter.java
index 8aff96f87..0e1246e21 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/ajax/ProfileAutoCompleter.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/ajax/ProfileAutoCompleter.java
@@ -30,6 +30,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.ajax.AbstractAjaxResponder;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
+import edu.cornell.mannlib.vitro.webapp.utils.SparqlQueryUtils;
 
 /**
  * Get a list of Profiles with last names that begin with this search term, and
@@ -122,9 +123,10 @@ class ProfileAutoCompleter extends AbstractAjaxResponder {
 }
 
 private String prepareQueryString() {
+String cleanTerm = SparqlQueryUtils.escapeForRegex(term);
 String queryString = QUERY_TEMPLATE
 .replace("%matchingPropertyUri%", selfEditingIdMatchingProperty)
-.replace("%searchTerm%", term)
+.replace("%searchTerm%", cleanTerm)
 .replace("%externalAuthId%", externalAuthId);
 log.debug("Query string is '" + queryString + "'");
 return queryString;
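Review bot: In the prepareQueryString hunk the new `cleanTerm` is escaped only for regex metacharacters before being spliced into `QUERY_TEMPLATE` by string replacement, so unless `SparqlQueryUtils.escapeForRegex` also escapes the SPARQL string-literal delimiters (`"` and `\`), a term containing one can still terminate the quoted literal that the `%searchTerm%` placeholder presumably sits in — the template is not in the hunk, so that placement is inferred. It is worth confirming what escapeForRegex covers and recording it at the call site, e.g. `// escapeForRegex handles regex metacharacters; literal quote/backslash escaping must also be covered before substitution`, or adding a SPARQL-literal escape on top of it. The `%term%` substitutions in the BasicProfilesGetter and BasicProxiesGetter hunks have the same shape, so a single shared helper doing both escapings would keep the three call sites consistent. Note also that `log.debug("Query string is '" + queryString + "'")` emits the user-supplied term verbatim at debug level. prepareQueryString's closing brace lies outside the hunk.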
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/BasicProfilesGetter.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/BasicProfilesGetter.java
index e63946b46..3b945d6f5 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/BasicProfilesGetter.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/BasicProfilesGetter.java
@@ -24,6 +24,7 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
 import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 import edu.cornell.mannlib.vitro.webapp.utils.ImageUtil;
 import edu.cornell.mannlib.vitro.webapp.utils.SparqlQueryRunner;
+import edu.cornell.mannlib.vitro.webapp.utils.SparqlQueryUtils;
 
 /**
  * Get the basic auto-complete info for the profile selection.
@@ -68,8 +69,9 @@ public class BasicProfilesGetter extends AbstractAjaxResponder {
 if (term.isEmpty()) {
 return EMPTY_RESPONSE;
 } else {
+String cleanTerm = SparqlQueryUtils.escapeForRegex(term);
 String queryStr = QUERY_BASIC_PROFILES.replace("%typesUnion%",
-buildTypeClause()).replace("%term%", term);
+buildTypeClause()).replace("%term%", cleanTerm);
 
 JSONArray jsonArray = new SparqlQueryRunner(fullModel,
 new BasicProfileInfoParser()).executeQuery(queryStr);
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/BasicProxiesGetter.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/BasicProxiesGetter.java
index 4bcc599cb..10f78e272 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/BasicProxiesGetter.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/BasicProxiesGetter.java
@@ -26,6 +26,7 @@ import edu.cornell.mannlib.vitro.webapp.dao.jena.ModelContext;
 import edu.cornell.mannlib.vitro.webapp.dao.jena.OntModelSelector;
 import edu.cornell.mannlib.vitro.webapp.utils.ImageUtil;
 import edu.cornell.mannlib.vitro.webapp.utils.SparqlQueryRunner;
+import edu.cornell.mannlib.vitro.webapp.utils.SparqlQueryUtils;
 
 /**
  * Get the basic auto-complete info for the proxy selection.
@@ -73,7 +74,8 @@ public class BasicProxiesGetter extends AbstractAjaxResponder {
 if (term.isEmpty()) {
 return EMPTY_RESPONSE;
 } else {
-String queryStr = QUERY_BASIC_PROXIES.replace("%term%", term);
+String cleanTerm = SparqlQueryUtils.escapeForRegex(term);
+String queryStr = QUERY_BASIC_PROXIES.replace("%term%", cleanTerm);
 JSONArray jsonArray = new SparqlQueryRunner(
 userAccountsModel, new BasicProxyInfoParser(