From 4d7067b38122545a7d1c1ca5ae2a8c9f74bcd237 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Mon, 21 Jun 2021 11:15:57 -0400 Subject: [PATCH] Remove at sign (@) from fulltext query string - InnoDB uses it as a special character and it can't be escaped --- src/classes/Controllers/Api/MatchSearch.php | 2 ++ src/classes/Controllers/Api/Search.php | 2 ++ src/classes/Controllers/Web/Search.php | 2 ++ 3 files changed, 6 insertions(+) diff --git a/src/classes/Controllers/Api/MatchSearch.php b/src/classes/Controllers/Api/MatchSearch.php index 98ce0f5..28971ae 100644 --- a/src/classes/Controllers/Api/MatchSearch.php +++ b/src/classes/Controllers/Api/MatchSearch.php @@ -48,6 +48,8 @@ class MatchSearch $pager->setPage(filter_input(INPUT_POST, 'p', FILTER_SANITIZE_NUMBER_INT)); $sql_where = "MATCH (p.`tags`) AGAINST (:query)"; + // At sign (@) is a reserved symbol in InnoDB full-text search, it can't be escaped + $query = str_replace('@', ' ', $query); $values = ['query' => $query]; diff --git a/src/classes/Controllers/Api/Search.php b/src/classes/Controllers/Api/Search.php index bfe1e9c..a27fa82 100644 --- a/src/classes/Controllers/Api/Search.php +++ b/src/classes/Controllers/Api/Search.php @@ -51,6 +51,8 @@ class Search } else { $sql_where = "MATCH (p.`name`, p.`pdesc`, p.`username`, p.`locality`, p.`region`, p.`country`, p.`tags` ) AGAINST (:query IN BOOLEAN MODE)"; + // At sign (@) is a reserved symbol in InnoDB full-text search, it can't be escaped + $query = str_replace('@', ' ', $query); } $values = ['query' => $query]; diff --git a/src/classes/Controllers/Web/Search.php b/src/classes/Controllers/Web/Search.php index 8949441..d70925a 100644 --- a/src/classes/Controllers/Web/Search.php +++ b/src/classes/Controllers/Web/Search.php 
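Review bot: In src/classes/Controllers/Api/MatchSearch.php the new `str_replace` sits next to `AGAINST (:query)` with no `IN BOOLEAN MODE`, so this query runs in natural-language mode, where MySQL documents no operator parsing. The `@` restriction the comment describes appears to belong to boolean mode only. If that holds, the replacement does not affect parsing here, so either drop the lines or reword the comment; confirm against the error that prompted the commit. The same two lines are also added in Api/Search.php and Web/Search.php, so one shared helper documented as `/** Replaces characters the InnoDB full-text parser rejects and that cannot be escaped. */` would keep the three call sites in step. The enclosing method starts and ends outside the hunk.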
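Review bot: Only `@` is neutralised before `AGAINST (:query IN BOOLEAN MODE)` in src/classes/Controllers/Api/Search.php, but boolean mode also parses `+ - < > ( ) ~ * "`. Search text (presumably request-supplied) with an unbalanced quote or parenthesis, or a dangling operator, can still make the full-text parser reject the query. The bound `:query` parameter rules out SQL injection, so what remains is an error path a client can trigger; whether it is caught is not visible in this hunk. If operator syntax is not meant to be a user feature, widen the replacement, e.g. `$query = trim(preg_replace('/[@+\-<>()~*"]+/', ' ', $query));`; otherwise handle the failure where the statement is executed and return an empty result. The same applies to the Web/Search.php hunk, and the enclosing method continues outside both.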
@@ -73,6 +73,8 @@ class Search extends BaseController } else { $sql_where = "MATCH (p.`name`, p.`pdesc`, p.`username`, p.`locality`, p.`region`, p.`country`, p.`tags` ) AGAINST (:query IN BOOLEAN MODE)"; + // At sign (@) is a reserved symbol in InnoDB full-text search, it can't be escaped + $query = str_replace('@', ' ', $query); } $values = ['query' => $query];
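Review bot: The replacement overwrites `$query` itself in src/classes/Controllers/Web/Search.php, so any later use of that variable in the method would see the altered text rather than what the user typed. Typical later uses would be echoing the search term back into the page or building pager links; they are outside the hunk, so this needs checking. Keeping the original and binding a separate value avoids the coupling: `$fulltext_query = str_replace('@', ' ', $query);` in this branch, with `$values = ['query' => $fulltext_query ?? $query];` below it. The two API controller hunks reassign `$query` the same way.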