From e682997195eb2ef759f964a3d6d464431ffa9331 Mon Sep 17 00:00:00 2001
From: Yura Bondarenko <yura.bondarenko@atmire.com>
Date: Tue, 4 May 2021 10:34:05 +0200
Subject: [PATCH] 78991: URI-encode SearchOptions query values

---
 .../paginated-search-options.model.spec.ts    | 13 +++++++----
 .../search/search-options.model.spec.ts       | 16 +++++++++----
 src/app/shared/search/search-options.model.ts | 23 ++++++++++++++-----
 3 files changed, 37 insertions(+), 15 deletions(-)

diff --git a/src/app/shared/search/paginated-search-options.model.spec.ts b/src/app/shared/search/paginated-search-options.model.spec.ts
index b75d2b8fab..2b8fe7aeb5 100644
--- a/src/app/shared/search/paginated-search-options.model.spec.ts
+++ b/src/app/shared/search/paginated-search-options.model.spec.ts
@@ -8,7 +8,11 @@ describe('PaginatedSearchOptions', () => {
   let options: PaginatedSearchOptions;
   const sortOptions = new SortOptions('test.field', SortDirection.DESC);
   const pageOptions = Object.assign(new PaginationComponentOptions(), { pageSize: 40, page: 1 });
-  const filters = [new SearchFilter('f.test', ['value']), new SearchFilter('f.example', ['another value', 'second value'])];
+  const filters = [
+    new SearchFilter('f.test', ['value']),
+    new SearchFilter('f.example', ['another value', 'second value']),
+    new SearchFilter('f.range', ['[2002 TO 2021]'], 'equals'),
+  ];
   const query = 'search query';
   const scope = '0fde1ecb-82cc-425a-b600-ac3576d76b47';
   const baseUrl = 'www.rest.com';
@@ -31,12 +35,13 @@ describe('PaginatedSearchOptions', () => {
         'sort=test.field,DESC&' +
         'page=0&' +
         'size=40&' +
-        'query=search query&' +
+        'query=search%20query&' +
         'scope=0fde1ecb-82cc-425a-b600-ac3576d76b47&' +
         'dsoType=ITEM&' +
         'f.test=value&' +
-        'f.example=another value&' +
-        'f.example=second value'
+        'f.example=another%20value&' +
+        'f.example=second%20value&' +
+        'f.range=%5B2002%20TO%202021%5D,equals'
       );
     });
 
diff --git a/src/app/shared/search/search-options.model.spec.ts b/src/app/shared/search/search-options.model.spec.ts
index 62fe732218..d20ebac6bf 100644
--- a/src/app/shared/search/search-options.model.spec.ts
+++ b/src/app/shared/search/search-options.model.spec.ts
@@ -4,8 +4,13 @@ import { SearchFilter } from './search-filter.model';
 import { DSpaceObjectType } from '../../core/shared/dspace-object-type.model';
 
 describe('SearchOptions', () => {
-  let options: PaginatedSearchOptions;
-  const filters = [new SearchFilter('f.test', ['value']), new SearchFilter('f.example', ['another value', 'second value'])];
+  let options: SearchOptions;
+
+  const filters = [
+    new SearchFilter('f.test', ['value']),
+    new SearchFilter('f.example', ['another value', 'second value']),
+    new SearchFilter('f.range', ['[2002 TO 2021]'], 'equals'),
+  ];
   const query = 'search query';
   const scope = '0fde1ecb-82cc-425a-b600-ac3576d76b47';
   const baseUrl = 'www.rest.com';
@@ -18,12 +23,13 @@ describe('SearchOptions', () => {
     it('should generate a string with all parameters that are present', () => {
       const outcome = options.toRestUrl(baseUrl);
       expect(outcome).toEqual('www.rest.com?' +
-        'query=search query&' +
+        'query=search%20query&' +
         'scope=0fde1ecb-82cc-425a-b600-ac3576d76b47&' +
         'dsoType=ITEM&' +
         'f.test=value&' +
-        'f.example=another value&' +
-        'f.example=second value'
+        'f.example=another%20value&' +
+        'f.example=second%20value&' +
+        'f.range=%5B2002%20TO%202021%5D,equals'
       );
     });
 
diff --git a/src/app/shared/search/search-options.model.ts b/src/app/shared/search/search-options.model.ts
index 053b9225f7..fad4002caf 100644
--- a/src/app/shared/search/search-options.model.ts
+++ b/src/app/shared/search/search-options.model.ts
@@ -38,27 +38,38 @@ export class SearchOptions {
    */
   toRestUrl(url: string, args: string[] = []): string {
     if (isNotEmpty(this.configuration)) {
-      args.push(`configuration=${this.configuration}`);
+      args.push(`configuration=${encodeURIComponent(this.configuration)}`);
     }
     if (isNotEmpty(this.fixedFilter)) {
-      args.push(this.fixedFilter);
+      let fixedFilter: string;
+      const match = this.fixedFilter.match(/^([^=]+=)(.+)$/);
+
+      if (match) {
+        fixedFilter = match[1] + encodeURIComponent(match[2]);
+      } else {
+        fixedFilter = encodeURIComponent(this.fixedFilter);
+      }
+
+      args.push(fixedFilter);
     }
     if (isNotEmpty(this.query)) {
-      args.push(`query=${this.query}`);
+      args.push(`query=${encodeURIComponent(this.query)}`);
     }
     if (isNotEmpty(this.scope)) {
-      args.push(`scope=${this.scope}`);
+      args.push(`scope=${encodeURIComponent(this.scope)}`);
     }
     if (isNotEmpty(this.dsoTypes)) {
       this.dsoTypes.forEach((dsoType: string) => {
-        args.push(`dsoType=${dsoType}`);
+        args.push(`dsoType=${encodeURIComponent(dsoType)}`);
       });
     }
     if (isNotEmpty(this.filters)) {
       this.filters.forEach((filter: SearchFilter) => {
         filter.values.forEach((value) => {
           const filterValue = value.includes(',') ? `${value}` : value + (filter.operator ? ',' + filter.operator : '');
-          args.push(`${filter.key}=${filterValue}`);
+
+          // we don't want commas to get URI-encoded
+          args.push(`${filter.key}=${encodeURIComponent(filterValue).replace(/%2C/g, ',')}`);
         });
       });
     }