shared: sqlitesearch: Escape FTS arguments

Most users are not to be expected to be familiar with
sqlite's FTS syntax. It also leads to unnnecessary
arrows in some instances.

So wrap every space separated word in quotes, unless
it's already in quotes. Then we just escape those with
double-quotes.
This commit is contained in:
Albert S. 2022-07-28 15:10:03 +02:00
부모 1188e51c35
커밋 1849eba190
2개의 변경된 파일25개의 추가작업 그리고 2개의 파일을 삭제

파일 보기

@ -66,6 +66,28 @@ QString SqliteSearch::createSortSql(const QVector<SortCondition> sortConditions)
return "";
}
QString SqliteSearch::escapeFtsArgument(QString ftsArg)
{
QString result;
QRegularExpression extractor(R"#("([^"]*)"|([^\s]+))#");
QRegularExpressionMatchIterator i = extractor.globalMatch(ftsArg);
while(i.hasNext())
{
QRegularExpressionMatch m = i.next();
QString value = m.captured(1);
if(value.isEmpty())
{
value = m.captured(2);
}
else
{
value = "\"\"" + value + "\"\"";
}
result += "\"" + value + "\" ";
}
return result;
}
QPair<QString, QVector<QString>> createNonArgPair(QString key)
{
return {" " + key + " ", QVector<QString>()};
@ -117,7 +139,7 @@ QPair<QString, QVector<QString>> SqliteSearch::createSql(const Token &token)
{
return {" content.id IN (SELECT fts.ROWID FROM fts WHERE fts.content MATCH ? ORDER BY "
"rank) ",
{value}};
{escapeFtsArgument(value)}};
}
throw LooqsGeneralException("Unknown token passed (should not happen)");
}
@ -145,7 +167,7 @@ QSqlQuery SqliteSearch::makeSqlQuery(const LooqsQuery &query)
ftsAlreadyJoined = true;
}
whereSql += " fts.content MATCH ? ";
bindValues.append(token.value);
bindValues.append(escapeFtsArgument(token.value));
}
else
{

파일 보기

@ -18,6 +18,7 @@ class SqliteSearch
QString fieldToColumn(QueryField field);
QPair<QString, QVector<QString>> createSql(const Token &token);
QString createSortSql(const QVector<SortCondition> sortConditions);
QString escapeFtsArgument(QString ftsArg);
};
#endif // SQLITESEARCH_H