I was able to do this with ThinkingSphinx::Search("@attr1 'blah' | @attr2 'blah2'", :search_mode => :extended)

On Mon, May 4, 2009 at 7:22 AM, Simon <[email protected]> wrote:
>
> Hi,
>
> I have a search I am using that looks like this:
> @results = SomeModel.search params[:criteria], :conditions =>
> {:some_id => session[:some_id].to_i}
>
> This returns all results matching the search criteria entered by the
> user, limiting it to the id of that user. My issue is that if the
> user inputs something like "banana | " or "banana - " then the result
> set includes entries that do not belong to the user, since the search
> string becomes "where banana OR some_id" (i.e., uses the OR or NOT
> clause on some_id that I specify in the conditions hash). This is
> quite a security concern within my application.
>
> Is there a way to turn off the use of these clauses, or is my only
> option to do some string processing on the user input to strip them
> out if there is no text after them? I can't add the condition to the
> define_index block using the where statement since it is a runtime
> value.
>
> Any ideas on how I can handle this?
>
> Thanks,
>
> Simon

--
=========================
Dan Pickett
Principal
Enlight Solutions, Inc
http://EnlightSolutions.com
http://www.twitter.com/dpickett
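The string processing asked about in the quoted message, as an added example that is not part of the original thread and is not Thinking Sphinx code. The helper names are hypothetical, and `compose_query` is only a simplified model of how a `:conditions` entry ends up in the same extended-mode query string as the user's text.

```ruby
# Added example: hypothetical helpers, not part of Thinking Sphinx.

# Characters that act as operators in Sphinx extended query syntax
# (the set escaped by EscapeString in the Sphinx client APIs, plus '<').
SPHINX_OPERATOR_CHARS = /[\\()|\-!@~"&\/^$=<]/

# Backslash-escape every operator character so the user's text is
# matched literally instead of being parsed as query syntax.
def escape_sphinx_query(input)
  input.to_s.gsub(SPHINX_OPERATOR_CHARS) { |c| "\\#{c}" }
end

# Simplified model (an assumption for illustration): each :conditions
# entry becomes an "@field value" term appended to the user's text.
def compose_query(user_text, conditions)
  scoped = conditions.map { |field, value| "@#{field} #{value}" }
  ([user_text.to_s.strip] + scoped).join(" ").strip
end

# Detection aid: true when the raw input ends in an OR/NOT operator
# with nothing after it, the pattern described in the thread.
def dangling_operator?(query_text)
  !!(query_text.to_s =~ /[|\-!]\s*\z/)
end

# Constructed sample inputs, including the two from the thread.
if __FILE__ == $PROGRAM_NAME
  ["banana", "banana | ", "banana - ", "@some_id 1"].each do |raw|
    unsafe = compose_query(raw, :some_id => 5)
    safe   = compose_query(escape_sphinx_query(raw), :some_id => 5)
    flag   = dangling_operator?(raw) ? "dangling operator" : "ok"
    puts "#{raw.inspect} (#{flag})"
    puts "  unescaped: #{unsafe}"
    puts "  escaped:   #{safe}"
  end
end
```

Escaping keeps the operator from binding to the `some_id` term. If `some_id` is indexed as an attribute (an assumption about the index definition), passing it through Thinking Sphinx's `:with` filter keeps the restriction out of the query string altogether.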
