* VRFS-2055 - escape keyword in hand-crafted SQL query\!

ruby/lib/jam_ruby/models/active_music_session.rb

@@ -395,7 +395,7 @@ module JamRuby
       query = query.where("music_sessions.genre_id = ?", genre) unless genre.blank?
       query = query.where('music_sessions.language = ?', lang) unless lang.blank?
       query = query.where('music_sessions.id = ?', session_id) unless session_id.blank?
-      query = query.where("(description_tsv @@ to_tsquery('jamenglish', ?))", keyword + ':*') unless keyword.blank?
+      query = query.where("(description_tsv @@ to_tsquery('jamenglish', ?))",  ActiveRecord::Base.connection.quote(keyword) + ':*') unless keyword.blank?
 
       if !day.blank? && !timezone_offset.blank?
         begin

ruby/lib/jam_ruby/models/music_session.rb

@@ -662,7 +662,7 @@ module JamRuby
       query = query.limit(limit)
       query = query.where("music_sessions.genre_id = ?", genre) unless genre.blank?
       query = query.where('music_sessions.language = ?', lang) unless lang.blank?
-      query = query.where("(description_tsv @@ to_tsquery('jamenglish', ?))", keyword + ':*') unless keyword.blank?
+      query = query.where("(description_tsv @@ to_tsquery('jamenglish', ?))", ActiveRecord::Base.connection.quote(keyword) + ':*') unless keyword.blank?
 
       if !day.blank? && !timezone_offset.blank?
         begin

ruby/spec/jam_ruby/models/active_music_session_spec.rb

@@ -482,6 +482,9 @@ describe ActiveMusicSession do
 
         music_sessions, user_search = ams(searcher_1, client_id: searcher_conn_1.client_id, keyword: 'bun')
         music_sessions.length.should == 2
+
+        music_sessions, user_search = ams(searcher_1, client_id: searcher_conn_1.client_id, keyword: 'bunny play')
+        music_sessions.length.should == 1
       end
 
       it "date" do

ruby/spec/jam_ruby/models/music_session_spec.rb

@@ -542,6 +542,40 @@ describe MusicSession do
         music_sessions, user_scores = sms(searcher, default_opts)
         music_sessions.length.should == 0
       end
+
+      describe "keywords" do
+        before(:each) do
+          creator.last_jam_locidispid = conn.locidispid
+          creator.save!
+          FactoryGirl.create(:music_session, creator: creator, scheduled_start: nil, description: 'chunky icecream for the fools')
+        end
+
+        it "handles single keyword" do
+          default_opts[:keyword] = 'chunky'
+          music_sessions, user_scores = sms(searcher, default_opts)
+          music_sessions.length.should == 1
+          user_scores.length.should == 1
+        end
+
+        it "handles two keyword" do
+          default_opts[:keyword] = 'chunky for'
+          music_sessions, user_scores = sms(searcher, default_opts)
+          music_sessions.length.should == 1
+          user_scores.length.should == 1
+        end
+
+        it "handles single quote" do
+          default_opts[:keyword] = "chun'ky fo'r"
+          music_sessions, user_scores = sms(searcher, default_opts)
+          music_sessions.length.should == 0
+          user_scores.length.should == 1
+
+          default_opts[:keyword] = "chunky for'"
+          music_sessions, user_scores = sms(searcher, default_opts)
+          music_sessions.length.should == 1
+          user_scores.length.should == 1
+        end
+      end
     end