From af2ff9ef7945b20bfe1d92e65cfe778018f72cac Mon Sep 17 00:00:00 2001
From: x2003bruneau <x2003bruneau@839d8a87-29fc-0310-9880-83ba4fa771e5>
Date: Tue, 17 Apr 2007 21:08:35 +0000
Subject: [PATCH] Escape regexps for autocompletion

 htdocs/javascript/xorg.js     |   17 +++++++++++++++++
 modules/search.php            |    1 +
 templates/search/adv.form.tpl |    2 +-
 3 files changed, 19 insertions(+), 1 deletion(-)



git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@1714 839d8a87-29fc-0310-9880-83ba4fa771e5
---
 htdocs/javascript/xorg.js     | 17 +++++++++++++++++
 modules/search.php            |  1 +
 templates/search/adv.form.tpl |  2 +-
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/htdocs/javascript/xorg.js b/htdocs/javascript/xorg.js
index 7fcd6f0..31b9a28 100644
--- a/htdocs/javascript/xorg.js
+++ b/htdocs/javascript/xorg.js
@@ -125,6 +125,23 @@ function dynpostkv(action, k, v)
 }
 
 // }}}
+// {{{ function RegExp.escape()
+
+RegExp.escape = function(text) {
+  if (!arguments.callee.sRE) {
+    var specials = [
+      '/', '.', '*', '+', '?', '|',
+      '(', ')', '[', ']', '{', '}',
+      '\\', '^' , '$'
+    ];
+    arguments.callee.sRE = new RegExp(
+      '(\\' + specials.join('|\\') + ')', 'g'
+    );
+  }
+  return text.replace(arguments.callee.sRE, '\\$1');
+}
+
+// }}}
 
 /***************************************************************************
  * POPUP THINGS
diff --git a/modules/search.php b/modules/search.php
index 832786d..9845509 100644
--- a/modules/search.php
+++ b/modules/search.php
@@ -183,6 +183,7 @@ class SearchModule extends PLModule
         }
         
         // default search
+        $q = preg_quote($q);
         $unique = '`user_id`';
         $db = '`auth_user_md5`';
         $realid = false;
diff --git a/templates/search/adv.form.tpl b/templates/search/adv.form.tpl
index 64fc31a..77aac66 100644
--- a/templates/search/adv.form.tpl
+++ b/templates/search/adv.form.tpl
@@ -30,7 +30,7 @@
         // display an autocomplete row : blabla (nb of found matches)
         function make_format_autocomplete(block) {
           return function(row) {
-              regexp = new RegExp('(' + block.value + ')', 'i');
+              regexp = new RegExp('(' + RegExp.escape(block.value) + ')', 'i');
               name = row[0].replace(regexp, '<strong>$1</strong>');
               if (row[1] == 1) {
                 return name;
-- 
2.1.4