
Commit 6df88d1

Fix Filter Value escaping for different Adapters (#293)
1 parent 6600d98 commit 6df88d1


1 file changed

+18
-7
lines changed

1 file changed

+18
-7
lines changed

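--- a/src/LoupeSearcher.php
+++ b/src/LoupeSearcher.php
@@ -75,14 +75,14 @@ public function search(Search $search): Result
 $filters = [];
 foreach ($search->filters as $filter) {
 match (true) {
-$filter instanceof Condition\IdentifierCondition => $filters[] = $index->getIdentifierField()->name . ' = \'' . $filter->identifier . '\'', // TODO escape?
+$filter instanceof Condition\IdentifierCondition => $filters[] = $index->getIdentifierField()->name . ' = ' . $this->escapeFilterValue($filter->identifier),
 $filter instanceof Condition\SearchCondition => $query = $filter->query,
-$filter instanceof Condition\EqualCondition => $filters[] = $filter->field . ' = \'' . $filter->value . '\'', // TODO escape?
-$filter instanceof Condition\NotEqualCondition => $filters[] = $filter->field . ' != \'' . $filter->value . '\'', // TODO escape?
-$filter instanceof Condition\GreaterThanCondition => $filters[] = $filter->field . ' > ' . $filter->value, // TODO escape?
-$filter instanceof Condition\GreaterThanEqualCondition => $filters[] = $filter->field . ' >= ' . $filter->value, // TODO escape?
-$filter instanceof Condition\LessThanCondition => $filters[] = $filter->field . ' < ' . $filter->value, // TODO escape?
-$filter instanceof Condition\LessThanEqualCondition => $filters[] = $filter->field . ' <= ' . $filter->value, // TODO escape?
+$filter instanceof Condition\EqualCondition => $filters[] = $filter->field . ' = ' . $this->escapeFilterValue($filter->value),
+$filter instanceof Condition\NotEqualCondition => $filters[] = $filter->field . ' != ' . $this->escapeFilterValue($filter->value),
+$filter instanceof Condition\GreaterThanCondition => $filters[] = $filter->field . ' > ' . $this->escapeFilterValue($filter->value),
+$filter instanceof Condition\GreaterThanEqualCondition => $filters[] = $filter->field . ' >= ' . $this->escapeFilterValue($filter->value),
+$filter instanceof Condition\LessThanCondition => $filters[] = $filter->field . ' < ' . $this->escapeFilterValue($filter->value),
+$filter instanceof Condition\LessThanEqualCondition => $filters[] = $filter->field . ' <= ' . $this->escapeFilterValue($filter->value),
 default => throw new \LogicException($filter::class . ' filter not implemented.'),
 };
 }
@@ -122,6 +122,17 @@ public function search(Search $search): Result
 );
 }
 
+private function escapeFilterValue(string|int|float|bool $value): string
+{
+// TODO replace with SearchParameters::escapeFilterValue once updated Loupe to 0.5
+// see also https://github.com/loupe-php/loupe/pull/54
+return match (true) {
+\is_bool($value) => $value ? '1' : '0',
+\is_int($value), \is_float($value) => (string) $value,
+default => "'" . \str_replace("'", "''", $value) . "'"
+};
+}
+
 /**
 * @param Index[] $indexes
 * @param iterable<array<string, mixed>> $hits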
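Review bot: The field side of every comparison in the `match` arms is still concatenated unescaped (`$filter->field . ' = '` and the arms below it), so only the value half of the filter expression is protected by the new `escapeFilterValue()`. If `$filter->field` can ever originate from request input rather than application code (not visible from this page), it should be checked against the index's declared fields or a strict identifier pattern before it is appended, failing closed with an exception. In `escapeFilterValue()` itself, `(string) $value` turns non-finite floats into `NAN`/`INF`, which are unlikely to be valid filter literals; a guard such as `\is_float($value) && !\is_finite($value) => throw new \InvalidArgumentException('Non-finite filter value.'),` ahead of the numeric arm would reject them. The helper would also benefit from a short docblock stating that strings are quoted by doubling single quotes, since that is the property callers rely on. `search()` starts and ends outside the visible hunks.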
