NIHVIVO-3298 Use SparqlQueryUtils.escapeForRegex() to properly handle special characters in the query term.

2011-11-11 22:07:49 +00:00 · 2011-11-11 22:07:49 +00:00 · 6d8494f7f6
commit 6d8494f7f6
parent 402f06beb6
3 changed files with 9 additions and 3 deletions
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/ajax/ProfileAutoCompleter.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/ajax/ProfileAutoCompleter.java
@ -30,6 +30,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.ajax.AbstractAjaxResponder;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
 import edu.cornell.mannlib.vitro.webapp.utils.SparqlQueryUtils;
 /**
 * Get a list of Profiles with last names that begin with this search term, and
@ -122,9 +123,10 @@ class ProfileAutoCompleter extends AbstractAjaxResponder {
 	}
 	private String prepareQueryString() {
 		String cleanTerm = SparqlQueryUtils.escapeForRegex(term);
 		String queryString = QUERY_TEMPLATE
 				.replace("%matchingPropertyUri%", selfEditingIdMatchingProperty)
-				.replace("%searchTerm%", term)
+				.replace("%searchTerm%", cleanTerm)
 				.replace("%externalAuthId%", externalAuthId);
 		log.debug("Query string is '" + queryString + "'");
 		return queryString;
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/BasicProfilesGetter.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/BasicProfilesGetter.java
@ -24,6 +24,7 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
 import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 import edu.cornell.mannlib.vitro.webapp.utils.ImageUtil;
 import edu.cornell.mannlib.vitro.webapp.utils.SparqlQueryRunner;
 import edu.cornell.mannlib.vitro.webapp.utils.SparqlQueryUtils;
 /**
 * Get the basic auto-complete info for the profile selection.
@ -68,8 +69,9 @@ public class BasicProfilesGetter extends AbstractAjaxResponder {
 		if (term.isEmpty()) {
 			return EMPTY_RESPONSE;
 		} else {
 			String cleanTerm = SparqlQueryUtils.escapeForRegex(term);
 			String queryStr = QUERY_BASIC_PROFILES.replace("%typesUnion%",
-					buildTypeClause()).replace("%term%", term);
+					buildTypeClause()).replace("%term%", cleanTerm);
 			JSONArray jsonArray = new SparqlQueryRunner<JSONArray>(fullModel,
 					new BasicProfileInfoParser()).executeQuery(queryStr);
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/BasicProxiesGetter.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/BasicProxiesGetter.java
@ -26,6 +26,7 @@ import edu.cornell.mannlib.vitro.webapp.dao.jena.ModelContext;
 import edu.cornell.mannlib.vitro.webapp.dao.jena.OntModelSelector;
 import edu.cornell.mannlib.vitro.webapp.utils.ImageUtil;
 import edu.cornell.mannlib.vitro.webapp.utils.SparqlQueryRunner;
 import edu.cornell.mannlib.vitro.webapp.utils.SparqlQueryUtils;
 /**
 * Get the basic auto-complete info for the proxy selection.
@ -73,7 +74,8 @@ public class BasicProxiesGetter extends AbstractAjaxResponder {
 		if (term.isEmpty()) {
 			return EMPTY_RESPONSE;
 		} else {
-			String queryStr = QUERY_BASIC_PROXIES.replace("%term%", term);
+			String cleanTerm = SparqlQueryUtils.escapeForRegex(term);
 			String queryStr = QUERY_BASIC_PROXIES.replace("%term%", cleanTerm);
 			JSONArray jsonArray = new SparqlQueryRunner<JSONArray>(
 					userAccountsModel, new BasicProxyInfoParser(