From 2f89198fa9911a6655a7f95344e199352744015c Mon Sep 17 00:00:00 2001 From: Teodor Date: Fri, 25 Oct 2024 12:43:54 +0300 Subject: [PATCH] escape parantheses in query --- src/plone/restapi/search/handler.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/plone/restapi/search/handler.py b/src/plone/restapi/search/handler.py index 8764a773df..240f0967e0 100644 --- a/src/plone/restapi/search/handler.py +++ b/src/plone/restapi/search/handler.py @@ -75,6 +75,10 @@ def _constrain_query_by_path(self, query): path = "/".join(self.context.getPhysicalPath()) query["path"]["query"] = path + def quote_chars(self, query): + # Escape parentheses by adding backslashes before them + return query.replace('(', '').replace(')', '').strip() + def search(self, query=None): if query is None: query = {} @@ -93,6 +97,12 @@ def search(self, query=None): if use_site_search_settings: query = self.filter_query(query) + if "SearchableText" in query: + # Sanitize SearchableText by removing parentheses + query["SearchableText"] = self.quote_chars(query["SearchableText"]) + if not query["SearchableText"] or query["SearchableText"] == "*": + return [] + self._constrain_query_by_path(query) query = self._parse_query(query)