BUGFIX: Use multi_match instead of query_string

gerhard-boden · gerhard-boden · commit 8beb99edde6b · 2019-06-25T18:22:02.000Z
By using ``multi_match`` instead of ``query_string`` within our search query, we prevent the accidental injection of Lucene search query strings. Currently an exception is thrown when adding ``"`` to your search query. Using ``multi_match`` instead should lead to the same quality of results and is less prone to user errors, because in 99% of cases the search is used for classic search terms and no end user is expected to know the compact Lucene query string syntax. see: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/query-dsl-multi-match-query.html see: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/query-dsl-query-string-query.html see: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/query-dsl-query-string-query.html#query-string-syntax
diff --git a/Classes/Driver/Version5/Query/FilteredQuery.php b/Classes/Driver/Version5/Query/FilteredQuery.php
@@ -60,7 +60,7 @@ public function from(int $size): void
     public function fulltext(string $searchWord, array $options = []): void
     {
         $this->appendAtPath('query.bool.must', [
-            'query_string' => array_merge($options, [
+            'multi_match' => array_merge($options, [
                 'query' => $searchWord,
                 'fields' => ['__fulltext*']
             ])

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ public function from(int $size): void`
`60`	`60`	`public function fulltext(string $searchWord, array $options = []): void`
`61`	`61`	`{`
`62`	`62`	`$this->appendAtPath('query.bool.must', [`
`63`		`- 'query_string' => array_merge($options, [`
	`63`	`+ 'multi_match' => array_merge($options, [`
`64`	`64`	`'query' => $searchWord,`
`65`	`65`	`'fields' => ['__fulltext*']`
`66`	`66`	`])`