Solarium\Core\Query\Helper::escapeTerm() has to quote reserved terms (#1079)

mkalkbrenner · web-flow · commit ff7c5f124742 · 2023-06-22T15:48:28.000+02:00
Solarium\Core\Query\Helper::escapeTerm() has to quote reserved terms `AND`, `OR`, `TO` closes #1078
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Solarium\QueryType\Extract\Query::setFile() now supports file pointer resources
 - Solarium\QueryType\Extract\Result::getFile() and getFileMetadata() to access the retrieved data for `extractOnly=true`
 
+### Fixed
+- Solarium\Core\Query\Helper::escapeTerm() has to quote reserved terms `AND`, `OR`, `TO`
+
 ### Changed
 - Solarium\Core\Client\Endpoint::setAuthentication() marks $password as #[\SensitiveParameter] (PHP 8 >= 8.2.0)
 - Solarium\Core\Client\Endpoint::setAuthorizationToken() marks $token as #[\SensitiveParameter] (PHP 8 >= 8.2.0)
diff --git a/src/Core/Query/Helper.php b/src/Core/Query/Helper.php
@@ -75,9 +75,11 @@ public function __construct(QueryInterface $query = null)
      */
     public function escapeTerm(string $input): string
     {
-        $pattern = '/( |\+|-|&&|\|\||!|\(|\)|\{|}|\[|]|\^|"|~|\*|\?|:|\/|\\\)/';
+        if (preg_match('/(^|\s)(AND|OR|TO)($|\s)/', strtoupper($input), $matches)) {
+            return $this->escapePhrase($input);
+        }
 
-        return preg_replace($pattern, '\\\$1', $input);
+        return preg_replace('/( |\+|-|&&|\|\||!|\(|\)|\{|}|\[|]|\^|"|~|\*|\?|:|\/|\\\)/', '\\\$1', $input);
     }
 
     /**
diff --git a/tests/Core/Query/HelperTest.php b/tests/Core/Query/HelperTest.php
@@ -435,6 +435,17 @@ public function escapeTermProvider(): array
             ':' => ['a:b', 'a\\:b'],
             '/' => ['a/b', 'a\\/b'],
             '\\' => ['a\b', 'a\\\b'],
+            'and' => ['and', '"and"'],
+            'AND' => ['AND', '"AND"'],
+            'or' => ['or', '"or"'],
+            'OR' => ['OR', '"OR"'],
+            'to' => ['to', '"to"'],
+            'TO' => ['TO', '"TO"'],
+            ' AnD ' => [' AnD ', '" AnD "'],
+            'AND or' => ['AND or', '"AND or"'],
+            'Animals and plants' => ['Animals and plants', '"Animals and plants"'],
+            'boring' => ['boring', 'boring'],
+            'Band' => ['Band', 'Band'],
         ];
     }
 

Original file line number	Diff line number	Diff line change
`@@ -75,9 +75,11 @@ public function __construct(QueryInterface $query = null)`
`75`	`75`	`*/`
`76`	`76`	`public function escapeTerm(string $input): string`
`77`	`77`	`{`
`78`		`- $pattern = '/( \|\+\|-\|&&\|\\|\\|\|!\|\(\|\)\|\{\|}\|\[\|]\|\^\|"\|~\|\*\|\?\|:\|\/\|\\\)/';`
	`78`	`+ if (preg_match('/(^\|\s)(AND\|OR\|TO)($\|\s)/', strtoupper($input), $matches)) {`
	`79`	`+ return $this->escapePhrase($input);`
	`80`	`+ }`
`79`	`81`
`80`		`- return preg_replace($pattern, '\\\$1', $input);`
	`82`	`+ return preg_replace('/( \|\+\|-\|&&\|\\|\\|\|!\|\(\|\)\|\{\|}\|\[\|]\|\^\|"\|~\|\*\|\?\|:\|\/\|\\\)/', '\\\$1', $input);`
`81`	`83`	`}`
`82`	`84`
`83`	`85`	`/**`