FIX: prevents exception when search q params is a hash (#7437)

FIX: prevents exception when search q params is a hash (#7437)

  • FIX: prevents exception when search q params is a hash

  • raise when invalid format

diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index 621788f..1502270 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -9,8 +9,18 @@ class SearchController < ApplicationController
   end
 
   def show
-    @search_term = params[:q]
-    raise Discourse::InvalidParameters.new(:q) if @search_term.present? && @search_term.length < SiteSetting.min_search_term_length
+    @search_term = params.permit(:q)[:q]
+
+    # a q param has been given but it's not in the correct format
+    # eg: ?q[foo]=bar
+    if params[:q].present? && !@search_term.present?
+      raise Discourse::InvalidParameters.new(:q)
+    end
+
+    if @search_term.present? &&
+       @search_term.length < SiteSetting.min_search_term_length
+      raise Discourse::InvalidParameters.new(:q)
+    end
 
     search_args = {
       type_filter: 'topic',
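Review bot: The new guard in `show` rejects hashes and arrays, but `params.permit(:q)` still passes every permitted scalar type, not only strings. A non-string `q` (for example a number, if JSON request bodies are parsed for this route) would therefore reach `@search_term.length` and raise again instead of returning a 400. Checking the type directly closes that gap: `raise Discourse::InvalidParameters.new(:q) if params[:q].present? && !@search_term.is_a?(String)`. The body of `show` continues outside the hunk, so later uses of `@search_term` are not visible here.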
diff --git a/spec/requests/search_controller_spec.rb b/spec/requests/search_controller_spec.rb
index ca3e20f..b453026 100644
--- a/spec/requests/search_controller_spec.rb
+++ b/spec/requests/search_controller_spec.rb
@@ -137,6 +137,11 @@ describe SearchController do
       expect(response.status).to eq(400)
     end
 
+    it "raises an error when search term is a hash" do
+      get "/search.json?q[foo]"
+      expect(response.status).to eq(400)
+    end
+
     it "logs the search term" do
       SiteSetting.log_search_queries = true
       get "/search.json", params: { q: 'bantha' }
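Review bot: The added example covers only the valueless hash form `?q[foo]`, so the array form, which takes the same rejection path in the controller, is not pinned by any test. A sibling example such as `get "/search.json?q[]=bar"` expecting status 400 would cover it. Adding the `?q[foo]=bar` form quoted in the controller comment as well would keep a later refactor of the parameter handling from reintroducing the exception. The enclosing `describe` block starts and ends outside the hunk.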

GitHub sha: fe86941c
