From f05b7c0a8eb9195436276e107e9f10e3c7a513d2 Mon Sep 17 00:00:00 2001
From: Jens Kraemer <jk@jkraemer.net>
Date: Wed, 7 Jul 2021 14:40:22 +0800
Subject: [PATCH] tokenize query strings for Issue.like and Query#sql_contains

---
 app/models/issue.rb   |  3 +--
 app/models/query.rb   | 26 ++++++++++++++++++++------
 lib/redmine/search.rb | 26 +++++++++++++++++---------
 3 files changed, 38 insertions(+), 17 deletions(-)

diff --git a/app/models/issue.rb b/app/models/issue.rb
index 3b08fc43c..65c88f1a1 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -100,9 +100,8 @@ class Issue < ActiveRecord::Base
     ids.any? ? where(:assigned_to_id => ids) : none
   end)
   scope :like, (lambda do |q|
-    q = q.to_s
     if q.present?
-      where("LOWER(#{table_name}.subject) LIKE LOWER(?)", "%#{sanitize_sql_like q}%")
+      where(*::Query.tokenized_like_conditions("#{table_name}.subject", q))
     end
   end)
 
diff --git a/app/models/query.rb b/app/models/query.rb
index 7588d39b5..19a05250d 100644
--- a/app/models/query.rb
+++ b/app/models/query.rb
@@ -1440,12 +1440,26 @@ class Query < ActiveRecord::Base
     prefix = suffix = nil
     prefix = '%' if options[:ends_with]
     suffix = '%' if options[:starts_with]
-    prefix = suffix = '%' if prefix.nil? && suffix.nil?
-    value = queried_class.sanitize_sql_like value
-    queried_class.sanitize_sql_for_conditions([
-      Redmine::Database.like(db_field, '?', :match => options[:match]),
-      "#{prefix}#{value}#{suffix}"
-    ])
+    if prefix || suffix
+      value = queried_class.sanitize_sql_like value
+      queried_class.sanitize_sql_for_conditions([
+        Redmine::Database.like(db_field, '?', :match => options[:match]),
+        "#{prefix}#{value}#{suffix}"
+      ])
+    else
+      queried_class.sanitize_sql_for_conditions(
+        ::Query.tokenized_like_conditions(db_field, value, **options)
+      )
+    end
+  end
+
+  def self.tokenized_like_conditions(db_field, value, **options)
+    tokens = Redmine::Search::Tokenizer.new(value).tokens
+    tokens = [value] unless tokens.present?
+    sql, values = tokens.map do |token|
+      [Redmine::Database.like(db_field, '?', options), "%#{sanitize_sql_like token}%"]
+    end.transpose
+    [sql.join(" AND "), *values]
   end
 
   # Adds a filter for the given custom field
diff --git a/lib/redmine/search.rb b/lib/redmine/search.rb
index 3aeedbcd2..7eae79b5e 100644
--- a/lib/redmine/search.rb
+++ b/lib/redmine/search.rb
@@ -57,15 +57,7 @@ module Redmine
         @projects = projects
         @cache = options.delete(:cache)
         @options = options
-
-        # extract tokens from the question
-        # eg. hello "bye bye" => ["hello", "bye bye"]
-        @tokens = @question.scan(%r{((\s|^)"[^"]+"(\s|$)|\S+)}).collect {|m| m.first.gsub(%r{(^\s*"\s*|\s*"\s*$)}, '')}
-        # tokens must be at least 2 characters long
-        # but for Chinese characters (Chinese HANZI/Japanese KANJI), tokens can be one character
-        @tokens = @tokens.uniq.select {|w| w.length > 1 || w =~ /\p{Han}/}
-        # no more than 5 tokens to search for
-        @tokens.slice! 5..-1
+        @tokens = Tokenizer.new(@question).tokens
       end
 
       # Returns the total result count
@@ -135,6 +127,22 @@ module Redmine
       end
     end
 
+    class Tokenizer
+      def initialize(question)
+        @question = question.to_s
+      end
+
+      def tokens
+        # extract tokens from the question
+        # eg. hello "bye bye" => ["hello", "bye bye"]
+        tokens = @question.scan(%r{((\s|^)"[^"]+"(\s|$)|\S+)}).collect {|m| m.first.gsub(%r{(^\s*"\s*|\s*"\s*$)}, '')}
+        # tokens must be at least 2 characters long
+        # but for Chinese characters (Chinese HANZI/Japanese KANJI), tokens can be one character
+        # no more than 5 tokens to search for
+        tokens.uniq.select{|w| w.length > 1 || w =~ /\p{Han}/}.first 5
+      end
+    end
+
     module Controller
       def self.included(base)
         base.extend(ClassMethods)
-- 
2.20.1