summaryrefslogtreecommitdiffstats
path: root/api
diff options
context:
space:
mode:
authorCorey Hulen <corey@hulen.com>2015-11-04 13:55:26 -0800
committerCorey Hulen <corey@hulen.com>2015-11-04 13:55:26 -0800
commit8b8419d5ba70a3d6f8c95853ba5102f43f46599d (patch)
treeb364b2ffaec7e28b03eb0c15f1ed0abff582e97c /api
parentaee6d9b608aceb7b68ab1e1a583917c2c3ee4485 (diff)
parent40e0ba37ca4162679d540c42f126f8fca2aaaad8 (diff)
downloadchat-8b8419d5ba70a3d6f8c95853ba5102f43f46599d.tar.gz
chat-8b8419d5ba70a3d6f8c95853ba5102f43f46599d.tar.bz2
chat-8b8419d5ba70a3d6f8c95853ba5102f43f46599d.zip
Merge pull request #1299 from hmhealey/plt974
PLT-974 Prevented searching for "*"
Diffstat (limited to 'api')
-rw-r--r--api/post.go5
-rw-r--r--api/post_test.go4
2 files changed, 8 insertions, 1 deletions
diff --git a/api/post.go b/api/post.go
index 31a7ab3b5..b52db8752 100644
--- a/api/post.go
+++ b/api/post.go
@@ -890,7 +890,10 @@ func searchPosts(c *Context, w http.ResponseWriter, r *http.Request) {
channels := []store.StoreChannel{}
for _, params := range paramsList {
- channels = append(channels, Srv.Store.Post().Search(c.Session.TeamId, c.Session.UserId, params))
+ // don't allow users to search for everything
+ if params.Terms != "*" {
+ channels = append(channels, Srv.Store.Post().Search(c.Session.TeamId, c.Session.UserId, params))
+ }
}
posts := &model.PostList{}
diff --git a/api/post_test.go b/api/post_test.go
index 3452c9788..0cb437e88 100644
--- a/api/post_test.go
+++ b/api/post_test.go
@@ -450,6 +450,10 @@ func TestSearchPosts(t *testing.T) {
if len(r3.Order) != 1 && r3.Order[0] == post3.Id {
t.Fatal("wrong serach")
}
+
+ if r4 := Client.Must(Client.SearchPosts("*")).Data.(*model.PostList); len(r4.Order) != 0 {
+ t.Fatal("searching for just * shouldn't return any results")
+ }
}
func TestSearchHashtagPosts(t *testing.T) {