Hi,
I have a search I am using that looks like this:
@results = SomeModel.search params[:criteria], :conditions =>
{:some_id => session[:some_id].to_i}
This returns all results matching the search criteria entered by the
user, limiting it to the id of that user. My issue is that if the
user inputs something like "banana | " or "banana - " then the result
set includes entries that do not belong to the user, since the search
string becomes "where banana OR some_id" (i.e., uses the OR or NOT
clause on some_id that I specify in the conditions hash). This is
quite a security concern within my application.
Is there a way to turn off the use of these clauses, or is my only
option to do some string processing on the user input to strip them
out if there is no text after them? I can't add the condition to the
define_index block using the where statement since it is a runtime
value.
Any ideas on how I can handle this?
Thanks,
Simon
You received this message because you are subscribed to the Google Groups
"Thinking Sphinx" group.
For more options, visit this group at
http://groups.google.com/group/thinking-sphinx?hl=en
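The failure mode described in the post, and one way to close it, as an added example (this is not code from the original message or from Thinking Sphinx itself). It models how a `:conditions` hash ends up appended to the user's query as Sphinx extended-syntax field clauses ("@some_id 42"), so a trailing "|" or "-" in the user's text rewrites the ownership filter into an OR / NOT clause. The helper names (`sphinx_escape`, `build_query`, `safe_build_query`, `trailing_operator?`), the exact clause format and the list of special characters are assumptions for illustration:

```ruby
# Added example; not code from the original post or from Thinking Sphinx.
# The clause format "@field value" mirrors what the post describes; the
# helper names and the special-character list are assumptions.

# Characters with operator meaning in Sphinx extended query syntax
# (boolean, field, phrase, proximity, quorum, exact-form, etc.).
SPHINX_SPECIALS = %w[\\ ( ) | - ! @ ~ " / ^ $ < =].freeze

# Backslash-escape every special character so the user's text is parsed
# as plain keywords instead of operators.
def sphinx_escape(text)
  text.gsub(/[\\()|\-!@~"\/^$<=]/) { |c| "\\#{c}" }
end

# The vulnerable composition: the user's text is glued directly in front
# of the condition clause, exactly as the post describes.
def build_query(user_text, conditions)
  clauses = conditions.map { |field, value| "@#{field} #{value}" }
  [user_text, *clauses].join(' ')
end

# The hardened composition: escape the user's text first.  Operators
# become literals, so the ownership clause is always ANDed with them.
def safe_build_query(user_text, conditions)
  build_query(sphinx_escape(user_text.to_s.strip), conditions)
end

# True when the user's text ends in a boolean operator, i.e. the case
# where the next appended clause becomes its operand.
def trailing_operator?(user_text)
  !!(user_text.to_s.strip =~ /[|\-!]\z/)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: the attacker-style search from the post.
  input = 'banana | '
  puts "unsafe: #{build_query(input, some_id: 42)}"
  puts "safe:   #{safe_build_query(input, some_id: 42)}"
  puts "trailing operator? #{trailing_operator?(input)}"
end
```

Escaping the whole user string is simpler and safer than trying to strip only a trailing operator, because "banana | @some_id 99" typed in full would also bypass a trailing-character check. Two further points worth checking in the real application: newer Riddle releases (the Sphinx client Thinking Sphinx uses) ship `Riddle::Query.escape` for this purpose, so verify whether your version has it before keeping a hand-rolled escaper; and an ownership check is better expressed as an attribute filter (`has some_id` in `define_index`, then `:with => {:some_id => session[:some_id].to_i}` at search time), since attribute filters are sent outside the query string and cannot be altered by operators inside it.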