diff options
author | Corey Hulen <corey@hulen.com> | 2015-11-04 13:55:26 -0800 |
---|---|---|
committer | Corey Hulen <corey@hulen.com> | 2015-11-04 13:55:26 -0800 |
commit | 8b8419d5ba70a3d6f8c95853ba5102f43f46599d (patch) | |
tree | b364b2ffaec7e28b03eb0c15f1ed0abff582e97c /api | |
parent | aee6d9b608aceb7b68ab1e1a583917c2c3ee4485 (diff) | |
parent | 40e0ba37ca4162679d540c42f126f8fca2aaaad8 (diff) | |
download | chat-8b8419d5ba70a3d6f8c95853ba5102f43f46599d.tar.gz chat-8b8419d5ba70a3d6f8c95853ba5102f43f46599d.tar.bz2 chat-8b8419d5ba70a3d6f8c95853ba5102f43f46599d.zip |
Merge pull request #1299 from hmhealey/plt974
PLT-974 Prevented searching for "*"
Diffstat (limited to 'api')
-rw-r--r-- | api/post.go | 5 | ||||
-rw-r--r-- | api/post_test.go | 4 |
2 files changed, 8 insertions, 1 deletions
diff --git a/api/post.go b/api/post.go index 31a7ab3b5..b52db8752 100644 --- a/api/post.go +++ b/api/post.go @@ -890,7 +890,10 @@ func searchPosts(c *Context, w http.ResponseWriter, r *http.Request) { channels := []store.StoreChannel{} for _, params := range paramsList { - channels = append(channels, Srv.Store.Post().Search(c.Session.TeamId, c.Session.UserId, params)) + // don't allow users to search for everything + if params.Terms != "*" { + channels = append(channels, Srv.Store.Post().Search(c.Session.TeamId, c.Session.UserId, params)) + } } posts := &model.PostList{} diff --git a/api/post_test.go b/api/post_test.go index 3452c9788..0cb437e88 100644 --- a/api/post_test.go +++ b/api/post_test.go @@ -450,6 +450,10 @@ func TestSearchPosts(t *testing.T) { if len(r3.Order) != 1 && r3.Order[0] == post3.Id { t.Fatal("wrong serach") } + + if r4 := Client.Must(Client.SearchPosts("*")).Data.(*model.PostList); len(r4.Order) != 0 { + t.Fatal("searching for just * shouldn't return any results") + } } func TestSearchHashtagPosts(t *testing.T) { |