From e64e45db545242f033d6cb9636f61ab25e9a3ef2 Mon Sep 17 00:00:00 2001
From: winniehell
Date: Wed, 7 Sep 2016 15:16:22 +0200
Subject: [PATCH] Escape search term before passing it to Regexp.new (!6241)
---
 CHANGELOG | 1 +
 app/helpers/search_helper.rb | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG b/CHANGELOG
index 07b6e1298e4..31f26af4e51 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -10,6 +10,7 @@ v 8.12.0 (unreleased)
 - Change logo animation to CSS (ClemMakesApps)
 - Instructions for enabling Git packfile bitmaps !6104
 - Fix pagination on user snippets page
+ - Escape search term before passing it to Regexp.new !6241 (winniehell)
 - Change merge_error column from string to text type
 - Reduce contributions calendar data payload (ClemMakesApps)
 - Add `web_url` field to issue, merge request, and snippet API objects (Ben Boeckel)
diff --git a/app/helpers/search_helper.rb b/app/helpers/search_helper.rb
index 4549c2e5bb6..e523c46e879 100644
--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@@ -7,8 +7,10 @@ module SearchHelper
 projects_autocomplete(term)
 ].flatten
+ search_pattern = Regexp.new(Regexp.escape(term), "i")
+
 generic_results = project_autocomplete + default_autocomplete + help_autocomplete
- generic_results.select! { |result| result[:label] =~ Regexp.new(term, "i") }
+ generic_results.select! { |result| result[:label] =~ search_pattern }
 [
 resources_results,
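Review bot: `Regexp.escape(term)` on the added `search_pattern` line raises TypeError when `term` is not a String (nil if the request carries no term), and nothing visible in this hunk guarantees a String; whether callers already ensure that is outside the hunk, so it is worth confirming. If it cannot be ruled out, coerce first: `search_pattern = Regexp.new(Regexp.escape(term.to_s), "i")`. A one-line comment above it, such as `# Match the user-supplied term literally; never compile it as a regex`, would keep a later refactor from dropping the escape. The diffstat lists only CHANGELOG and this helper, so no spec covers a term containing regex metacharacters; a helper spec with a term like `(` would pin the fix. The enclosing method starts and ends outside the hunk.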