From 11f315c458d20411261cba41efece6188c1f62b4 Mon Sep 17 00:00:00 2001
From: Gilles Crettenand <gilles@crettenand.info>
Date: Tue, 19 May 2015 12:22:49 +0200
Subject: [PATCH] Escape solr query, better query type management

---
 lib/BookSearch.php   | 7 +++++--
 mobile.netbiblio.php | 3 ++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/BookSearch.php b/lib/BookSearch.php
index 50cdf93..2ae3de3 100644
--- a/lib/BookSearch.php
+++ b/lib/BookSearch.php
@@ -29,10 +29,13 @@ class BookSearch
         $this->query->addParam('q.op', 'AND');
     }
 
-    public function addQuery($queryText, $queryField = '')
+    public function addQuery($queryText, $queryField = null)
     {
-        if ($queryField != '')
+        $queryText= SolrUtils::escapeQueryChars($queryText);
+
+        if (strlen($queryField) > 0) {
             $queryText = "$queryField:\"$queryText\"";
+        }
 
         $this->queryParts[] = $queryText;
     }
diff --git a/mobile.netbiblio.php b/mobile.netbiblio.php
index 770e1ec..032b9c2 100644
--- a/mobile.netbiblio.php
+++ b/mobile.netbiblio.php
@@ -328,7 +328,8 @@ class NetBiblio extends WebService
         }
 
         if (isset($queryArray['queryText']) && strlen($queryArray['queryText']) > 0) {
-            $bs->addQuery($queryArray['queryText'], $queryArray['queryType']);
+            $type = isset($queryArray['queryType']) ? $queryArray['queryType'] : null;
+            $bs->addQuery($queryArray['queryText'], $type);
         }
 
         if(isset($queryArray['reader']) && strlen($queryArray['reader']) > 0) {