From a73b84309c6f30582683f62690d6596a97266c89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Bedna=C5=99=C3=ADk?= <jan.bednarik@gmail.com>
Date: Mon, 13 Nov 2017 12:11:02 +0100
Subject: [PATCH] Sanitize query input.

---
 openlobby/schema.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/openlobby/schema.py b/openlobby/schema.py
index 51aef68..44c7c3d 100644
--- a/openlobby/schema.py
+++ b/openlobby/schema.py
@@ -1,3 +1,4 @@
+import re
 from elasticsearch import NotFoundError
 import graphene
 from graphene import relay
@@ -64,6 +65,7 @@ class Query(graphene.ObjectType):
     def resolve_reports(self, info, query=''):
         s = ReportDoc.search(using=info.context['es'])
         if query != '':
+            query = ' '.join(re.findall(r'(\b\w+)', query))
             s = s.query('multi_match', query=query, fields=['title', 'body', 'received_benefit', 'provided_benefit'])
         s = s.sort('-published')
         s = s[:20]
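Review bot: The `if query != ''` guard tests the raw input, so a query made only of punctuation or whitespace (e.g. `'???'`) passes the guard, collapses to `''` after the added line, and `multi_match` is still issued with an empty query string rather than being skipped. Tokenise first and guard on the result: `terms = re.findall(r'\w+', query)` before the `if`, then `if terms:` and `query=' '.join(terms)` in the `s.query(...)` call. The `\b` and the capturing group in `r'(\b\w+)'` are redundant for `findall` — `\w+` yields the same tokens. Note that `\w` on a `str` pattern is Unicode-aware, so non-ASCII letters are preserved; that is presumably intended here but worth a one-line comment stating it. `resolve_reports` continues past the end of the hunk.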
-- 
GitLab