From 944d5db9b749a955d3f762936635c05515ab5d51 Mon Sep 17 00:00:00 2001
From: Baptiste Grob <60621355+baptiste-grob@users.noreply.github.com>
Date: Mon, 22 Feb 2021 12:01:29 +0100
Subject: [PATCH] fix: only match protected note title

---
 .../javascripts/views/notes/note_utils.ts     | 42 ++++++++++++-------
 1 file changed, 26 insertions(+), 16 deletions(-)

diff --git a/app/assets/javascripts/views/notes/note_utils.ts b/app/assets/javascripts/views/notes/note_utils.ts
index 7ddb91a73..6f8265982 100644
--- a/app/assets/javascripts/views/notes/note_utils.ts
+++ b/app/assets/javascripts/views/notes/note_utils.ts
@@ -5,44 +5,54 @@ export function notePassesFilter(
   showArchived: boolean,
   hidePinned: boolean,
   filterText: string
-) {
-
+): boolean {
   const canShowArchived = showArchived;
   const canShowPinned = !hidePinned;
-  if (
-    (note.archived && !canShowArchived) ||
-    (note.pinned && !canShowPinned)
-  ) {
+  if ((note.archived && !canShowArchived) || (note.pinned && !canShowPinned)) {
     return false;
   }
-  return noteMatchesQuery(note, filterText);
+  if (note.protected) {
+    const match = noteMatchesQuery(note, filterText);
+    /** Only match title to prevent leaking protected note text */
+    return match === Match.Title || match === Match.TitleAndText;
+  } else {
+    return noteMatchesQuery(note, filterText) !== Match.None;
+  }
 }
 
-function noteMatchesQuery(
-  note: SNNote,
-  query: string
-) {
+enum Match {
+  None = 0,
+  Title = 1,
+  Text = 2,
+  TitleAndText = Title + Text,
+  Uuid = 5,
+}
+
+function noteMatchesQuery(note: SNNote, query: string): Match {
   if (query.length === 0) {
-    return true;
+    return Match.TitleAndText;
   }
   const title = note.safeTitle().toLowerCase();
   const text = note.safeText().toLowerCase();
   const lowercaseText = query.toLowerCase();
+  const words = lowercaseText.split(' ');
   const quotedText = stringBetweenQuotes(lowercaseText);
   if (quotedText) {
-    return title.includes(quotedText) || text.includes(quotedText);
+    return (
+      (title.includes(quotedText) ? Match.Title : Match.None) +
+      (text.includes(quotedText) ? Match.Text : Match.None)
+    );
   }
   if (stringIsUuid(lowercaseText)) {
-    return note.uuid === lowercaseText;
+    return note.uuid === lowercaseText ? Match.Uuid : Match.None;
   }
-  const words = lowercaseText.split(" ");
   const matchesTitle = words.every((word) => {
     return title.indexOf(word) >= 0;
   });
   const matchesBody = words.every((word) => {
     return text.indexOf(word) >= 0;
   });
-  return matchesTitle || matchesBody;
+  return (matchesTitle ? Match.Title : 0) + (matchesBody ? Match.Text : 0);
 }
 
 function stringBetweenQuotes(text: string) {