From 23c35af9ef2ca392b5e9a026c5517b0a7c1a2f20 Mon Sep 17 00:00:00 2001
From: Dan Brown <ssddanbrown@googlemail.com>
Date: Thu, 27 Apr 2023 16:33:24 +0100
Subject: [PATCH] Review of #4202, Rolled out to other searches, added testing

---
 app/Search/SearchRunner.php       |  6 +++++-
 tests/Entity/EntitySearchTest.php | 20 ++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/app/Search/SearchRunner.php b/app/Search/SearchRunner.php
index d11dcde01..a0fd1fe3d 100644
--- a/app/Search/SearchRunner.php
+++ b/app/Search/SearchRunner.php
@@ -173,6 +173,7 @@ class SearchRunner
         // Handle exact term matching
         foreach ($searchOpts->exacts as $inputTerm) {
             $entityQuery->where(function (EloquentBuilder $query) use ($inputTerm, $entityModelInstance) {
+                $inputTerm = str_replace('\\', '\\\\', $inputTerm);
                 $query->where('name', 'like', '%' . $inputTerm . '%')
                     ->orWhere($entityModelInstance->textField, 'like', '%' . $inputTerm . '%');
             });
@@ -218,7 +219,7 @@ class SearchRunner
         $subQuery->where('entity_type', '=', $entity->getMorphClass());
         $subQuery->where(function (Builder $query) use ($terms) {
             foreach ($terms as $inputTerm) {
-                $inputTerm = (strpos($inputTerm, "\\") !== false) ? str_replace("\\", "\\\\", $inputTerm) : $inputTerm;
+                $inputTerm = str_replace('\\', '\\\\', $inputTerm);
                 $query->orWhere('term', 'like', $inputTerm . '%');
             }
         });
@@ -355,6 +356,9 @@ class SearchRunner
                     $tagValue = (float) trim($connection->getPdo()->quote($tagValue), "'");
                     $query->whereRaw("value {$tagOperator} {$tagValue}");
                 } else {
+                    if ($tagOperator === 'like') {
+                        $tagValue = str_replace('\\', '\\\\', $tagValue);
+                    }
                     $query->where('value', $tagOperator, $tagValue);
                 }
             } else {
diff --git a/tests/Entity/EntitySearchTest.php b/tests/Entity/EntitySearchTest.php
index 4563fb651..170269941 100644
--- a/tests/Entity/EntitySearchTest.php
+++ b/tests/Entity/EntitySearchTest.php
@@ -444,6 +444,26 @@ class EntitySearchTest extends TestCase
         $search->assertSee($page->getUrl(), false);
     }
 
+    public function test_backslashes_can_be_searched_upon()
+    {
+        $page = $this->entities->newPage(['name' => 'TermA', 'html' => '
+            <p>More info is at the path \\\\cat\\dog\\badger</p>
+        ']);
+        $page->tags()->save(new Tag(['name' => '\\Category', 'value' => '\\animals\\fluffy']));
+
+        $search = $this->asEditor()->get('/search?term=' . urlencode('\\\\cat\\dog'));
+        $search->assertSee($page->getUrl(), false);
+
+        $search = $this->asEditor()->get('/search?term=' . urlencode('"\\dog\\"'));
+        $search->assertSee($page->getUrl(), false);
+
+        $search = $this->asEditor()->get('/search?term=' . urlencode('"\\badger\\"'));
+        $search->assertDontSee($page->getUrl(), false);
+
+        $search = $this->asEditor()->get('/search?term=' . urlencode('[\\Categorylike%\\fluffy]'));
+        $search->assertSee($page->getUrl(), false);
+    }
+
     public function test_searches_with_user_filters_adds_them_into_advanced_search_form()
     {
         $resp = $this->asEditor()->get('/search?term=' . urlencode('test {updated_by:dan} {created_by:dan}'));