[PR #721] [MERGED] fix(db): handle usage of special characters in searches #750

Closed
opened 2026-02-25 23:35:20 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/go-shiori/shiori/pull/721
Author: @fmartingr
Created: 9/10/2023
Status: Merged
Merged: 9/11/2023
Merged by: @fmartingr

Base: master ← Head: fmartingr/issue717


📝 Commits (4)

  • 31be2d3 handle full text search for failing cases
  • be2719b added test
  • 6ce36e9 test getbookmarkcount too
  • 64243b9 replaceall, fix getbookmarkcount

📊 Changes

3 files changed (+72 additions, -36 deletions)

📝 internal/database/database_test.go (+43 -12)
📝 internal/database/pg.go (+8 -9)
📝 internal/database/sqlite.go (+21 -15)

📄 Description

The current queries are built by concatenating strings in the code, rather than in the database, meaning we lose sanitization on the database side.

This PR adds a new test that checks queries with some special characters to avoid failures, while doing:

  • String concatenation for LIKE queries in the query directly
  • Properly quoting FTS5 search queries in SQLite
  • Properly parsing double quotes in SQLite queries for FTS5.

Fixes #717


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
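
The approach the description lists (wildcard concatenation done in the query, user input bound as a parameter, FTS5 terms quoted with embedded double quotes doubled) can be sketched in Go as follows. This is an added example, not code from the PR or from shiori: the table and column names and the helper names are assumptions, and the `LIKE` wildcard escaping goes beyond what the description mentions.

```go
package main

import (
	"fmt"
	"strings"
)

// quoteFTS5 wraps user input in one FTS5 string literal. Inside an FTS5
// string an embedded double quote is escaped by doubling it, so - : * ( )
// and " reach the tokenizer as text instead of being parsed as FTS5 syntax.
func quoteFTS5(keyword string) string {
	return `"` + strings.ReplaceAll(keyword, `"`, `""`) + `"`
}

// likeEscaper neutralizes LIKE wildcards in user input (an addition beyond
// the PR description); it pairs with the ESCAPE '\' clause in searchQuery.
var likeEscaper = strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`)

func escapeLike(keyword string) string { return likeEscaper.Replace(keyword) }

// searchQuery is constant SQL text: the wildcards are concatenated inside
// the database with ||, and user input only travels as bound values.
// Table and column names are assumptions made for this example.
const searchQuery = `SELECT id FROM bookmark
WHERE url LIKE '%' || ? || '%' ESCAPE '\'
   OR id IN (SELECT rowid FROM bookmark_content
             WHERE bookmark_content MATCH ?)`

// buildSearch returns the fixed query plus the arguments to bind to it.
func buildSearch(keyword string) (string, []interface{}) {
	return searchQuery, []interface{}{escapeLike(keyword), quoteFTS5(keyword)}
}

func main() {
	// Constructed sample input containing FTS5 and LIKE metacharacters.
	query, args := buildSearch(`100% "go-shiori" search_term`)
	fmt.Println(query)
	fmt.Printf("LIKE arg:  %s\nMATCH arg: %s\n", args[0], args[1])
}
```

The returned query and arguments are meant to be passed unchanged to a `database/sql` call such as `db.Query(query, args...)`.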
