From d0fcedcee6eece81dbf492daa23fbe96067403c8 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 8 Feb 2026 21:25:56 +0100
Subject: [PATCH] Fix search expansion with backslash fix
 https://github.com/FreshRSS/FreshRSS/issues/8495

---
 app/Models/Search.php           | 8 ++++++--
 tests/app/Models/SearchTest.php | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/app/Models/Search.php b/app/Models/Search.php
index aca21e558..b1dae8cc3 100644
--- a/app/Models/Search.php
+++ b/app/Models/Search.php
@@ -149,8 +149,12 @@ class FreshRSS_Search implements \Stringable {
 	}
 
 	private static function quote(string $s): string {
-		if (strpbrk($s, ' "\'\\/') !== false || $s === '') {
-			return '"' . addcslashes($s, '\\"') . '"';
+		if (str_starts_with($s, 'S:') || str_starts_with($s, 'search:')) {
+			// Discard user queries
+			return $s;
+		}
+		if (strpbrk($s, ' "\'\\/:') !== false || $s === '') {
+			return '"' . addcslashes($s, '"') . '"';
 		}
 		return $s;
 	}
diff --git a/tests/app/Models/SearchTest.php b/tests/app/Models/SearchTest.php
index 4d18606b0..cadc2633d 100644
--- a/tests/app/Models/SearchTest.php
+++ b/tests/app/Models/SearchTest.php
@@ -975,7 +975,7 @@ final class SearchTest extends \PHPUnit\Framework\TestCase {
 					userdate:2025-01-01T00:00:00/2026-01-01T00:00:00
 					pubdate:2025-02-01T00:00:00/2026-01-01T00:00:00
 					date:2025-03-01T00:00:00/2026-01-01T00:00:00
-					intitle:/<Inter&sting>/i intitle:"g ' & d"
+					intitle:/<Inter&sting>/i intitle:"g ' & d\\:"
 					intext:/<Inter&sting>/i intext:g&d
 					author:/Bob/ author:"/u/Alice" author:Alice
 					inurl:/https/ inurl:example.net