From e442a3c92d839898bcc31a10479461fb57ca516c Mon Sep 17 00:00:00 2001
From: Stella Lok <oinvertedworld@gmail.com>
Date: Wed, 8 Apr 2015 23:10:37 +0800
Subject: [PATCH] Escape query used in opportunity search. This addresses the
 reported issue "[Bug] Searching "C++" returns 500 error on /jobs". Added the
 relevant tests to opportunity controller spec.

---
 app/controllers/opportunities_controller.rb      |  4 +++-
 spec/controllers/opportunity_controlller_spec.rb | 11 +++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/app/controllers/opportunities_controller.rb b/app/controllers/opportunities_controller.rb
index 2a5ab98d..3c7312e9 100644
--- a/app/controllers/opportunities_controller.rb
+++ b/app/controllers/opportunities_controller.rb
@@ -166,6 +166,8 @@ def geocode_location(location)
   def get_jobs_for(chosen_location, tag, page, query = nil, remote_allowed = false)
     scope = Opportunity
 
+    escaped_query = query.nil? ? query : Regexp.escape(query)
+
     if remote_allowed
       scope = scope.where(remote: true)
     else
@@ -173,7 +175,7 @@ def get_jobs_for(chosen_location, tag, page, query = nil, remote_allowed = false
     end
 
     scope = scope.by_tag(tag) unless tag.nil?
-    scope = scope.by_query(query) if query
+    scope = scope.by_query(escaped_query) if escaped_query
     # TODO: Verify that there are no unmigrated teams
     scope = scope.where('team_id is not null')
     scope.offset((page-1) * 20)
diff --git a/spec/controllers/opportunity_controlller_spec.rb b/spec/controllers/opportunity_controlller_spec.rb
index e9231e5c..7220f3b1 100644
--- a/spec/controllers/opportunity_controlller_spec.rb
+++ b/spec/controllers/opportunity_controlller_spec.rb
@@ -46,6 +46,17 @@
           expect(assigns(:jobs)).to_not be_include(@opportunity2)
         end
       end
+
+      context "by query with keywords containing regexp special characters" do
+        it "should NOT fail when querying with keywords containing '+'" do
+          get :index, location: nil, q: 'C++'
+          expect(assigns(:jobs))
+        end
+        it "should NOT fail when querying with keywords containing '.^$*+?()[{\|'" do
+          get :index, location: nil, q: 'java .^$*+?()[{\|'
+          expect(assigns(:jobs))
+        end
+      end
     end
   end
 end