fix users#user_jump_suggest: escape % and _, not delete

author: Rhenium <rhenium@rhe.jp> 2014-03-10 19:11:08 +0900
committer: Rhenium <rhenium@rhe.jp> 2014-03-10 19:11:08 +0900
commit: e56c678cae491ff594795829d2d98e854a460d26 (patch)
tree: 066f72f4e9812d38288ca1f564817252be2656eb /app/controllers/users_controller.rb
parent: 7f35e6c11be4555523e7155dd44ba546365958bf (diff)
download: aclog-e56c678cae491ff594795829d2d98e854a460d26.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 9a45d1d..01f27db 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -18,7 +18,8 @@ class UsersController < ApplicationController
   end
 
   def user_jump_suggest
-    users = User.where("screen_name LIKE ?", "#{params[:head].to_s.delete("%_")}%").order(screen_name: :asc).limit(10)
+    q = params[:head].to_s.gsub(/(_|%)/) {|x| "\\" + x }
+    users = User.where("screen_name LIKE ?", "#{q}%").order(screen_name: :asc).limit(10)
     filtered = users.map {|user| { name: user.name, screen_name: user.screen_name, profile_image_url: user.profile_image_url_mini } }
     render json: filtered
   end
author	Rhenium <rhenium@rhe.jp>	2014-03-10 19:11:08 +0900
committer	Rhenium <rhenium@rhe.jp>	2014-03-10 19:11:08 +0900
commit	e56c678cae491ff594795829d2d98e854a460d26 (patch)
tree	066f72f4e9812d38288ca1f564817252be2656eb /app/controllers/users_controller.rb
parent	7f35e6c11be4555523e7155dd44ba546365958bf (diff)
download	aclog-e56c678cae491ff594795829d2d98e854a460d26.tar.gz