implementing-search-filter
Fail
Audited by Socket on Feb 15, 2026
1 alert found:
Obfuscated File (HIGH): scripts/generate_filter_query.py
The module is not actively malicious but contains serious security issues and a functional bug. Primary risk: unsanitized interpolation of untrusted input into SQL query strings (SQL injection) and unvalidated insertion of user input into Elasticsearch DSL (query manipulation / resource abuse). Additionally, _add_text_search contains a syntax error that prevents execution of that branch. Fix by using parameterized queries, input validation/escaping, and repairing the broken assignment. Do not execute printed SQL without sanitization.
Confidence: 98%