CHEF-2102 Properly URI escape/decode the search query string

3 files changed, 24 insertions, 24 deletions

diff --git a/chef-server-webui/app/controllers/search.rb b/chef-server-webui/app/controllers/search.rb
index d517aec861..1d5ce51b64 100644
--- a/chef-server-webui/app/controllers/search.rb
+++ b/chef-server-webui/app/controllers/search.rb
@@ -6,9 +6,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -19,10 +19,10 @@
 require 'chef' / 'search' / 'query'
 
 class Search < Application
-  
+
   provides :html
-  before :login_required 
-    
+  before :login_required
+
   def index
     @s = Chef::Search::Query.new
     @search_indexes = begin
@@ -31,20 +31,20 @@ class Search < Application
                         Chef::Log.error("#{e}\n#{e.backtrace.join("\n")}")
                         @_message = {:error => "Could not list search indexes"}
                         {}
-                      end 
+                      end
     render
   end
 
   def show
     begin
       @s = Chef::Search::Query.new
-      query = params[:q].nil? ? "*:*" : (params[:q].empty? ? "*:*" : params[:q])
-      @results = @s.search(params[:id], query)      
+      query = (params[:q].nil? || params[:q].empty?) ? "*:*" : URI.escape(params[:q], Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
+      @results = @s.search(params[:id], query)
       @type = if params[:id].to_s == "node" || params[:id].to_s == "role" || params[:id].to_s == "client"
                 params[:id]
-              else 
-                "databag" 
-              end               
+              else
+                "databag"
+              end
       @results = @results - @results.last(2)
       @results.each do |result|
         result.delete(nil)
@@ -56,7 +56,7 @@ class Search < Application
       @_message = { :error => "Unable to find the #{params[:id]}. (#{$!})" }
       @search_indexes = @s.list_indexes
       render :index
-    end  
+    end
   end
-  
+
 end
diff --git a/chef/lib/chef/knife/search.rb b/chef/lib/chef/knife/search.rb
index 4f58093690..45bd8f51d4 100644
--- a/chef/lib/chef/knife/search.rb
+++ b/chef/lib/chef/knife/search.rb
@@ -6,9 +6,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -31,14 +31,14 @@ class Chef
         :description => "The order to sort the results in",
         :default => nil
 
-      option :start, 
+      option :start,
         :short => "-b ROW",
         :long => "--start ROW",
         :description => "The row to start returning results at",
         :default => 0,
         :proc => lambda { |i| i.to_i }
 
-      option :rows, 
+      option :rows,
         :short => "-R INT",
         :long => "--rows INT",
         :description => "The number of rows to return",
@@ -60,14 +60,14 @@ class Chef
         :long => "--id-only",
         :description => "Show only the ID of matching objects"
 
-      def run 
+      def run
         q = Chef::Search::Query.new
         display = { :total => 0, :start => config[:start] ? config[:start] : 0, :rows => [ ] }
 
-        q.search(@name_args[0], @name_args[1], config[:sort], config[:start] ? config[:start] : 0, config[:rows] ? config[:rows] : 20) do |item|
+        q.search(@name_args[0], URI.escape(@name_args[1], Regexp.new("[^#{URI::PATTERN::UNRESERVED}]")), config[:sort], config[:start] ? config[:start] : 0, config[:rows] ? config[:rows] : 20) do |item|
           formatted_item = format_for_display(item)
           if formatted_item.respond_to?(:has_key?) && !formatted_item.has_key?('id')
-            formatted_item['id'] = item.has_key?('id') ? item['id'] : item.name 
+            formatted_item['id'] = item.has_key?('id') ? item['id'] : item.name
           end
           display[:rows] << formatted_item
           display[:total] += 1
@@ -79,7 +79,7 @@ class Chef
               puts row[config[:attribute]] if row.has_key?(config[:attribute]) && !row[config[:attribute]].nil?
             end
           else
-            puts display[:rows].join("\n") 
+            puts display[:rows].join("\n")
           end
         else
           output(display)
diff --git a/chef/lib/chef/solr_query.rb b/chef/lib/chef/solr_query.rb
index 77b0660e30..9830befbb3 100644
--- a/chef/lib/chef/solr_query.rb
+++ b/chef/lib/chef/solr_query.rb
@@ -39,7 +39,7 @@ class Chef
 
     attr_accessor :query
     attr_accessor :params
-    
+
     # Create a new Query object - takes the solr_url and optional
     # Chef::CouchDB object to inflate objects into.
     def initialize(couchdb = nil)
@@ -58,7 +58,7 @@ class Chef
           @database = couchdb.couchdb_database
           @couchdb = couchdb
         end
-      end 
+      end
     end
 
     def self.from_params(params, couchdb=nil)
@@ -97,7 +97,7 @@ class Chef
     end
 
     def update_query_from_params
-      original_query = params.delete(:q) || "*:*"
+      original_query = URI.decode(params.delete(:q) || "*:*")
       @query = Chef::SolrQuery::QueryTransform.transform(original_query)
     end