Revision 25d9019c
Added by Amos Benari about 10 years ago
| app/controllers/concerns/foreman/controller/auto_complete_search.rb | ||
|---|---|---|
|
model = controller_name == "hosts" ? Host::Managed : model_of_controller
|
||
|
@items = model.complete_for(params[:search])
|
||
|
@items = @items.map do |item|
|
||
|
category = (['and','or','not','has'].include?(item.to_s.sub(/^.*\s+/,''))) ? 'Operators' : ''
|
||
|
category = (['and','or','not','has'].include?(item.to_s.sub(/^.*\s+/,''))) ? _('Operators') : ''
|
||
|
part = item.to_s.sub(/^.*\b(and|or)\b/i) {|match| match.sub(/^.*\s+/,'')}
|
||
|
completed = item.to_s.chomp(part)
|
||
|
{:completed => completed, :part => part, :label => item, :category => category}
|
||
|
{:completed => CGI::escapeHTML(completed), :part => CGI::escapeHTML(part), :label => item, :category => category}
|
||
|
end
|
||
|
rescue ScopedSearch::QueryNotSupported => e
|
||
|
@items = [{:error =>e.to_s}]
|
||
Also available in: Unified diff
fixes #5471 html escape auto-completer values (CVE-2014-0208)
(cherry picked from commit ee672544f1ad5990ca0e39acd86f83cbbe06ebe9)