From 8610922de283f616dd0394720a45688fc235d400 Mon Sep 17 00:00:00 2001
From: Maksym Mykhailenko
Date: Thu, 16 May 2019 18:29:21 +0800
Subject: [PATCH] properly quote and escape query to member service
---
 connect/service.js | 2 +-
 src/common/tcApiHelper.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/connect/service.js b/connect/service.js
index 10a416c..adff1db 100644
--- a/connect/service.js
+++ b/connect/service.js
@@ -166,7 +166,7 @@ const getUsersById = (ids) => {
 * @return {Promise} resolves to the list of user details
 */
 const getUsersByHandle = (handles) => {
- const query = _.map(handles, (handle) => 'handle:' + handle).join(' OR ');
+ const query = _.map(handles, (handle) => 'handle:"' + handle.trim().replace('"', '\\"') + '"').join(' OR ');
 return M2m.getMachineToken(config.AUTH0_CLIENT_ID, config.AUTH0_CLIENT_SECRET)
 .catch((err) => {
 err.message = 'Error generating m2m token: ' + err.message;
diff --git a/src/common/tcApiHelper.js b/src/common/tcApiHelper.js
index d0bc56f..37ef659 100644
--- a/src/common/tcApiHelper.js
+++ b/src/common/tcApiHelper.js
@@ -83,7 +83,7 @@ function* getUsersByHandles(handles) {
 return [];
 }
 // use 'OR' to link the handle matches
- const query = _.map(handles, (h) => 'handle:"' + h.trim() + '"').join(' OR ');
+ const query = _.map(handles, (h) => 'handle:"' + h.trim().replace('"', '\\"') + '"').join(' OR ');
 return yield searchUsersByQuery(query);
 }
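Review bot: `replace('"', '\\"')` takes a string pattern and so rewrites only the first `"`; on the added `query` line in getUsersByHandle (connect/service.js), a handle with more than one quote still has its later quotes unescaped, and the quoted term can be closed early. The identical expression in getUsersByHandles (src/common/tcApiHelper.js) has the same gap. Backslashes are not escaped either, so an incoming `\"` becomes `\\"` and the quote is live again, assuming the member service treats `\` as its escape character, as the patch's own `\"` implies. Escape both characters globally with `.replace(/[\\"]/g, '\\$&')` in place of `.replace('"', '\\"')`, ideally in one shared helper so the two call sites cannot drift apart. getUsersByHandle's body continues past the end of its hunk and getUsersByHandles starts before its hunk, so any validation of `handles` outside these lines is not visible here.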