Shell escape code search

author Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Thu, 31 Oct 2013 09:25:08 +0000 (11:25 +0200)

committer Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Thu, 31 Oct 2013 09:25:08 +0000 (11:25 +0200)
author Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Thu, 31 Oct 2013 09:25:08 +0000 (11:25 +0200)
committer Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Thu, 31 Oct 2013 09:25:08 +0000 (11:25 +0200)
diff --git a/app/contexts/search_context.rb b/app/contexts/search_context.rb

index 48def07..ff32297 100644 (file)
--- a/app/contexts/search_context.rb
+++ b/app/contexts/search_context.rb
@@ -6,7 +6,7 @@ class SearchContext
    end
  
    def execute
-    query = params[:search]
+    query = Shellwords.shellescape(params[:search])
  
      return result unless query.present?
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
	Thu, 31 Oct 2013 09:25:08 +0000 (11:25 +0200)
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
	Thu, 31 Oct 2013 09:25:08 +0000 (11:25 +0200)