[Groonga-commit] droonga/drnbench at 38af0e9 [master] Split options to sanitize and escape.


SHIMODA Piro Hiroshi null+****@clear*****
Sat Oct 4 20:34:26 JST 2014


SHIMODA "Piro" Hiroshi	2014-10-04 20:34:26 +0900 (Sat, 04 Oct 2014)

  New Revision: 38af0e9cb9a525acfb6a365720acfee829df765f
  https://github.com/droonga/drnbench/commit/38af0e9cb9a525acfb6a365720acfee829df765f

  Message:
    Split options to sanitize and escape.
    
    And, escape "&", ";" also for a query parameter.

  Modified files:
    bin/drnbench-extract-searchterms

  Modified: bin/drnbench-extract-searchterms (+13 -3)
===================================================================
--- bin/drnbench-extract-searchterms    2014-10-04 20:24:23 +0900 (2e5f6f4)
+++ bin/drnbench-extract-searchterms    2014-10-04 20:34:26 +0900 (e4b711d)
@@ -19,9 +19,11 @@ require "drnbench"
 require "ostruct"
 require "optparse"
 require "json"
+require "uri"
 
 options = OpenStruct.new
 options.column_index = 0
+options.sanitize = false
 options.escape = false
 
 option_parser = OptionParser.new do |parser|
@@ -32,6 +34,10 @@ option_parser = OptionParser.new do |parser|
             "(#{options.output_column_index})") do |index|
     options.column_index = index
   end
+  parser.on("--sanitize",
+            "Sanitize dangerous characters for \"query\" parameter") do
+    options.sanitize = true
+  end
   parser.on("--escape",
             "Escape output for URL parameter") do
     options.escape = true
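Review bot: The `--sanitize` help string does not say what it actually changes. Going by `sanitize_for_query` later in this patch, it replaces ":" and ";" with a space and strips the value, and it does no URL encoding. Put that in the description so users know it has to be combined with `--escape` for output that goes into a URL. Separately, the context line at the top of this hunk interpolates `options.output_column_index`, while the default is stored as `options.column_index = 0`; an unset OpenStruct attribute is nil, so the help text shows an empty default.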
@@ -40,11 +46,14 @@ end
 
 groonga_select_result_files = option_parser.parse!(ARGV)
 
-def sanitize_for_param(value)
+def sanitize_for_query(value)
   value.to_s
        .gsub(/[:;]/, " ")
        .strip
-       .gsub(/ +/, "%20")
+end
+
+def escape_for_param(value)
+  URI.escape(URI.escape(value.to_s), /[;&]/)
 end
 
 def output_column_value(select_result, column_index)
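Review bot: `escape_for_param` still leaves characters that are significant in a query string unescaped. The inner `URI.escape` with its default pattern does not touch URI reserved characters, and the second pass adds only ";" and "&", so "=", "+", "?" and "/" in a search term go out as-is; "+" in particular is read back as a space by form decoding. `URI.escape` is also marked obsolete. A single call to `URI.encode_www_form_component(value.to_s)` (or `CGI.escape`) escapes the whole reserved set and removes the need for the nested call. Note too that `sanitize_for_query` no longer collapses runs of spaces, so a value like "a:;b" becomes "a  b"; if that matters for the benchmark patterns, keep a `.gsub(/ +/, " ")` there.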
@@ -54,7 +63,8 @@ def output_column_value(select_result, column_index)
   records = search_result[2..-1]
   records.each do |record|
     value = record[column_index]
-    value = sanitize_for_param(value) if options.escape
+    value = sanitize_for_query(value) if options.sanitize
+    value = escape_for_param(value) if options.escape
     puts(value)
   end
 end
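Review bot: Inside `output_column_value`, both new lines read `options`, but in the visible lines `options` is a top-level local (`options = OpenStruct.new`), and a `def` body does not see top-level locals, so unless a method named `options` exists elsewhere in the file this raises NameError on the first record. Pass the options object in as a parameter or hold it in a constant. Also worth calling out in the commit message or usage text: `--escape` alone used to apply the ":" and ";" replacement, and after this change it no longer does, so existing invocations that relied on that need `--sanitize` added.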