Fix search issue with special characters, and escape them in SQL. #844 (

#846)

* Fix search issue with special characters, and escape them in SQL. #844

* Update functions_entries.inc.php

Co-authored-by: Garvin Hicking <[email protected]>

* Update functions_entries.inc.php

Co-authored-by: Garvin Hicking <[email protected]>

* #844 Simplify code removing If statement because we escape term search anyway + change alias to mysqli_real_escape_string

* Issue #844 Bring back if statement to switch over boolean mode or not + change regex to only catch BOOLEAN Operator that prefix a word

* Update regex boolean mode is trigger only on operator followed by words

* Fix typo on regex

* #844 add another regex to avoid boolean operator alone that could lead to error

---------

Co-authored-by: Garvin Hicking <[email protected]>
Co-authored-by: Garvin Hicking <[email protected]>

include/db/mysqli.inc.php

@@ -189,7 +189,7 @@ function serendipity_db_matched_rows() {
  */
 function serendipity_db_escape_string($string) {
     global $serendipity;
-    return mysqli_escape_string($serendipity['dbConn'], $string);
+    return mysqli_real_escape_string($serendipity['dbConn'], $string);
 }
 
 /**

include/functions_entries.inc.php

@@ -882,7 +882,7 @@ function &serendipity_searchEntries($term, $limit = '', $searchresults = '') {
         $cond['distinct'] = '';
         $term             = str_replace('"', '"', $term);
         $relevance_enabled = true;
-        if (preg_match('@["\+\-\*~<>\(\)]+@', $term)) {
+        if (preg_match('@[\+\-\*~<>\(\)"].[\S]*@', $term) && preg_match('@\s*[\+\-\*~<>\(\)]\s*$@', $term) === 0 ) {
             $cond['find_part'] = "MATCH(title,body,extended) AGAINST('$term' IN BOOLEAN MODE)";
         } else {
             $cond['find_part'] = "MATCH(title,body,extended) AGAINST('$term')";