BUGFIX: Use multi_match instead of query_string

gerhard-boden · gerhard-boden · commit 3f9060569cb9 · 2019-06-25T18:29:35.000Z
By using ``multi_match`` instead of ``query_string`` within our search query, we prevent the accidental injection of Lucene search query strings. Currently an exception is thrown when adding ``"`` to your search query. Using ``multi_match`` instead should lead to the same quality of results and is less prone to user errors, because in 99% of cases the search is used for classic search terms and no end user is expected to know the compact Lucene query string syntax. see: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/query-dsl-multi-match-query.html see: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/query-dsl-query-string-query.html see: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/query-dsl-query-string-query.html#query-string-syntax
diff --git a/Classes/Driver/Version5/Query/FilteredQuery.php b/Classes/Driver/Version5/Query/FilteredQuery.php
@@ -61,6 +61,7 @@ public function fulltext(string $searchWord, array $options = []): void
     {
         $this->appendAtPath('query.bool.must', [
             'query_string' => array_merge($options, [
+//            'multi_match' => array_merge($options, [
                 'query' => $searchWord,
                 'fields' => ['__fulltext*']
             ])

Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,7 @@ public function fulltext(string $searchWord, array $options = []): void`
`61`	`61`	`{`
`62`	`62`	`$this->appendAtPath('query.bool.must', [`
`63`	`63`	`'query_string' => array_merge($options, [`
	`64`	`+// 'multi_match' => array_merge($options, [`
`64`	`65`	`'query' => $searchWord,`
`65`	`66`	`'fields' => ['__fulltext*']`
`66`	`67`	`])`