From a1c637e7acdbd97cd3aa7b63cb40b05f941071c4 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Fri, 8 May 2026 09:04:57 +0200
Subject: [PATCH] Preventive measure against search ingestion (#8777)

We were not vulnerable to it, but here is an additional layer of security against search ingestions, in particular in public user queries, where someone could try to ingest a search like `) OR (interesting`
---
 app/Models/BooleanSearch.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/Models/BooleanSearch.php b/app/Models/BooleanSearch.php
index 5a9148c6d..11e74056c 100644
--- a/app/Models/BooleanSearch.php
+++ b/app/Models/BooleanSearch.php
@@ -24,6 +24,8 @@ class FreshRSS_BooleanSearch implements \Stringable {
 bool $expandUserQueries = true
 ) {
 $input = trim($input);
+ $input = ltrim($input, ' )');
+ $input = rtrim($input, ' (\\');
 if ($input === '') {
 return;
 }
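Review bot: The two added trims only remove a leading `)` and a trailing `(` or `\`, so an input whose unbalanced parenthesis is not at the edge, such as `a) OR (b`, is passed on unchanged, and the commit message's own example becomes `OR (interesting` with the `(` still open. If the intent is that a user query can never close or open a group of the expression it is embedded in, a depth count over unescaped parentheses (rejecting or neutralising the input when the depth drops below zero or ends above zero) would cover the interior case as well; the parsing code is outside this hunk and may already handle it. The trims are also silent and uncommented: if the search syntax allows an escaped `\(` at the end of a query, that query is shortened without notice, so a comment such as `// Strip leading ')' and trailing '(' or '\' so an embedded query cannot break out of its enclosing group` and a unit test for the example input would make the intent checkable. The constructor starts and continues outside the hunk.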