From 4ce72fa712918934fec019743dabc3387b2b6bcc Mon Sep 17 00:00:00 2001
From: neobooru <50623835+neobooru@users.noreply.github.com>
Date: Mon, 12 Apr 2021 10:42:58 +0200
Subject: [PATCH] client/tags: escape dots in search term and don't allow '.'
 and '..' as tags

---
 client/js/controls/tag_input_control.js | 3 ++-
 client/js/util/misc.js                  | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/client/js/controls/tag_input_control.js b/client/js/controls/tag_input_control.js
index 2207f416..1ac1cb3e 100644
--- a/client/js/controls/tag_input_control.js
+++ b/client/js/controls/tag_input_control.js
@@ -163,7 +163,8 @@ class TagInputControl extends events.EventTarget {
 
     addTagByName(name, source) {
         name = name.trim();
-        if (!name) {
+        // Tags `.` and `..` are not allowed, see https://github.com/rr-/szurubooru/pull/390
+        if (!name || name == "." || name == "..") {
             return;
         }
         return Tag.get(name).then(
diff --git a/client/js/util/misc.js b/client/js/util/misc.js
index 4f9d6d33..756ad84b 100644
--- a/client/js/util/misc.js
+++ b/client/js/util/misc.js
@@ -187,7 +187,7 @@ function arraysDiffer(source1, source2, orderImportant) {
 }
 
 function escapeSearchTerm(text) {
-    return text.replace(/([a-z_-]):/g, "$1\\:");
+    return text.replace(/([a-z_-]):/g, "$1\\:").replace(/\./g, "\\.");
 }
 
 function dataURItoBlob(dataURI) {