making obs_search a bit more secure

src/pg/sql/42_observatory_exploration.sql

@@ -3,7 +3,7 @@
 -- TODO allow the user to specify the boundary to search for measures
 --
 
-CREATE OR REPLACE FUNCTION cdb_observatory.OBS_Search(
+CREATE OR REPLACE FUNCTION cdb_observatory.OBS_Search_STU(
   search_term text,
   relevant_boundary text DEFAULT null
 )
@@ -24,10 +24,21 @@ BEGIN
                   aggregate,
                   replace(split_part(id,'".', 1),'"', '') source
                   FROM observatory.OBS_column
-                  where name ilike '%%%s%%'
+                  where name ilike '%'|| %L || '%'
-                  or description ilike '%%%s%%'
+                  or description ilike '%'|| %L || '%'
                   %s
                 $string$, search_term, search_term,boundary_term);
   RETURN;
 END
 $$ LANGUAGE plpgsql;
+
+
+CREATE OR REPLACE FUNCTION OBS_GetAvailableBoundaries(geometry location)
+RETURNS TABLE(description text, name text, id text)  as $$
+BEGIN
+  RETURN QUERY
+  EXECUTE format($string$
+    Select description, name, id FROM observatory.OBS_column
+  $string$)
+END
+$$