Merge pull request #981 from tdonohue/DS-2602

DS-2602 : Fix Title/Date browsing, also properly escape special characters in Solr

dspace-api/src/main/java/org/dspace/discovery/SearchService.java

@@ -113,4 +113,11 @@ public interface SearchService {
      * @return the indexed field
      */
     String toSortFieldIndex(String metadataField, String type);
+
+    /**
+     * Utility method to escape any special characters in a user's query
+     * @param query
+     * @return query with any special characters escaped
+     */
+    String escapeQueryChars(String query);
 }

dspace-api/src/main/java/org/dspace/discovery/SolrServiceImpl.java

@@ -1617,14 +1617,6 @@ public class SolrServiceImpl implements SearchService, IndexingService {
         if(discoveryQuery.getQuery() != null)
         {
         	query = discoveryQuery.getQuery();
-            if (query.contains(": "))
-            {
-                query = StringUtils.replace(query, ": ", "\\: ");
-            }
-            else if (query.endsWith(":"))
-            {
-                query = StringUtils.removeEnd(query, ":") + "\\:";
-            }
 		}
 
         solrQuery.setQuery(query);
@@ -2328,4 +2320,13 @@ public class SolrServiceImpl implements SearchService, IndexingService {
 			throw new SearchServiceException(e.getMessage(), e);
 		}
 	}
+
+    @Override
+    public String escapeQueryChars(String query) {
+        // Use Solr's built in query escape tool
+        // WARNING: You should only escape characters from user entered queries,
+        // otherwise you may accidentally BREAK field-based queries (which often
+        // rely on special characters to separate the field from the query value)
+        return ClientUtils.escapeQueryChars(query);
+    }
 }

dspace-jspui/src/main/java/org/dspace/app/webui/discovery/DiscoverUtility.java

@@ -225,6 +225,8 @@ public class DiscoverUtility
         String query = request.getParameter("query");
         if (StringUtils.isNotBlank(query))
         {
+            // Escape any special characters in this user-entered query
+            query = SearchUtils.getSearchService().escapeQueryChars(query);
             queryArgs.setQuery(query);
         }
 

dspace-xmlui/src/main/java/org/dspace/app/xmlui/aspect/discovery/AbstractSearch.java

@@ -723,11 +723,11 @@ public abstract class AbstractSearch extends AbstractDSpaceTransformer implement
         {
             return;
         }
-        
 
         String query = getQuery();
 
-        //DSpaceObject scope = getScope();
+        // Escape any special characters in this user-entered query
+        query = DiscoveryUIUtils.escapeQueryChars(query);
 
         int page = getParameterPage();
 

dspace-xmlui/src/main/java/org/dspace/app/xmlui/aspect/discovery/DiscoveryUIUtils.java

@@ -96,4 +96,20 @@ public class DiscoveryUIUtils {
         }
         return new ArrayList<String>(result.values());
     }
+
+    /**
+     * Escape special characters in a user-entered query, based on the
+     * underlying search service.
+     * <P>
+     * WARNING: This likely shouldn't be used in field-based queries
+     * (e.g. search/browse by title) as it may unintentionally escape the
+     * special characters used to denote fields (e.g. ":").
+     *
+     * @param query
+     * @return query with special characters escaped
+     */
+    public static String escapeQueryChars(String query)
+    {
+        return searchService.escapeQueryChars(query);
+    }
 }

dspace-xmlui/src/main/java/org/dspace/app/xmlui/aspect/discovery/SidebarFacetsTransformer.java

@@ -157,6 +157,8 @@ public class SidebarFacetsTransformer extends AbstractDSpaceTransformer implemen
         //If we are on a search page performing a search a query may be used
         String query = request.getParameter("query");
         if(query != null && !"".equals(query)){
+            // Escape any special characters in this user-entered query
+            query = DiscoveryUIUtils.escapeQueryChars(query);
             queryArgs.setQuery(query);
         }