Revision 106
Added by stefan about 19 years ago
| search.php | ||
|---|---|---|
| 42 | 42 |
$string=$_REQUEST['string']; |
| 43 | 43 |
} |
| 44 | 44 |
// reverse potential magic_quotes action |
| 45 |
$original_string=$this->strip_slashes($string);
|
|
| 45 |
$original_string=$wb->strip_slashes($string);
|
|
| 46 | 46 |
// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons) |
| 47 |
$string = addslashes($this->escape_backslashes($original_string));
|
|
| 47 |
$string = addslashes($wb->escape_backslashes($original_string));
|
|
| 48 | 48 |
// then escape for mySQL query |
| 49 | 49 |
$search_string = htmlspecialchars($original_string,ENT_QUOTES); |
| 50 | 50 |
} else {
|
| ... | ... | |
| 105 | 105 |
// Replace vars in search settings with values |
| 106 | 106 |
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_RESULTS_FOR]');
|
| 107 | 107 |
$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['RESULTS_FOR']); |
| 108 |
$search_footer = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_footer['value']));
|
|
| 109 |
$search_results_header = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_header['value']));
|
|
| 110 |
$search_results_footer = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_footer['value']));
|
|
| 108 |
$search_footer = str_replace($vars, $values, ($fetch_footer['value'])); |
|
| 109 |
$search_results_header = str_replace($vars, $values, ($fetch_results_header['value'])); |
|
| 110 |
$search_results_footer = str_replace($vars, $values, ($fetch_results_footer['value'])); |
|
| 111 | 111 |
// Do extra vars/values replacement |
| 112 | 112 |
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_SEARCH]', '[TEXT_ALL_WORDS]', '[TEXT_ANY_WORDS]', '[TEXT_EXACT_MATCH]', '[TEXT_MATCH]', '[TEXT_MATCHING]', '[ALL_CHECKED]', '[ANY_CHECKED]', '[EXACT_CHECKED]');
|
| 113 | 113 |
$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['SEARCH'], $TEXT['ALL_WORDS'], $TEXT['ANY_WORDS'], $TEXT['EXACT_MATCH'], $TEXT['MATCH'], $TEXT['MATCHING'], $all_checked, $any_checked, $exact_checked); |
| 114 |
$search_header = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_header['value']));
|
|
| 114 |
$search_header = str_replace($vars, $values, ($fetch_header['value'])); |
|
| 115 | 115 |
|
| 116 | 116 |
// Insert js code |
| 117 | 117 |
?> |
| ... | ... | |
| 160 | 160 |
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE']; |
| 161 | 161 |
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME']; |
| 162 | 162 |
} |
| 163 |
$values = array($link, $this->strip_slashes_dummy($page['page_title']),$this->strip_slashes_dummy($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 163 |
$values = array($link, ($page['page_title']),($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 164 | 164 |
// Show loop code with vars replaced by values |
| 165 | 165 |
if($values != array()) {
|
| 166 |
echo str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_loop['value']));
|
|
| 166 |
echo str_replace($vars, $values, ($fetch_results_loop['value'])); |
|
| 167 | 167 |
} |
| 168 | 168 |
// Say that we have already listed this page id |
| 169 | 169 |
$pages_listed[$page['page_id']] = true; |
| ... | ... | |
| 186 | 186 |
// Fetch query start |
| 187 | 187 |
$fetch_query_start = $get_query_start->fetchRow(); |
| 188 | 188 |
// Prepare query start for execution by replacing {TP} with the TABLE_PREFIX
|
| 189 |
$query_start = str_replace('[TP]', TABLE_PREFIX, $this->strip_slashes_dummy($fetch_query_start['value']));
|
|
| 189 |
$query_start = str_replace('[TP]', TABLE_PREFIX, ($fetch_query_start['value']));
|
|
| 190 | 190 |
// Get query end |
| 191 | 191 |
$get_query_end = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_end' AND extra = '$module_name' LIMIT 1");
|
| 192 | 192 |
if($get_query_end->numRows() > 0) {
|
| 193 | 193 |
// Fetch query start |
| 194 | 194 |
$fetch_query_end = $get_query_end->fetchRow(); |
| 195 | 195 |
// Set query end |
| 196 |
$query_end = $this->strip_slashes_dummy($fetch_query_end['value']);
|
|
| 196 |
$query_end = ($fetch_query_end['value']); |
|
| 197 | 197 |
// Get query body |
| 198 | 198 |
$get_query_body = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_body' AND extra = '$module_name' LIMIT 1");
|
| 199 | 199 |
if($get_query_body->numRows() > 0) {
|
| 200 | 200 |
// Fetch query start |
| 201 | 201 |
$fetch_query_body = $get_query_body->fetchRow(); |
| 202 | 202 |
// Prepare query body for execution by replacing {STRING} with the correct one
|
| 203 |
$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), $this->strip_slashes_dummy($fetch_query_body['value']));
|
|
| 203 |
$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), ($fetch_query_body['value']));
|
|
| 204 | 204 |
// Loop through query body for each string, then combine with start and end |
| 205 | 205 |
$prepared_query = $query_start; |
| 206 | 206 |
$count = 0; |
| ... | ... | |
| 228 | 228 |
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE']; |
| 229 | 229 |
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME']; |
| 230 | 230 |
} |
| 231 |
$values = array($link, $this->strip_slashes_dummy($page[$fields['title']]), $this->strip_slashes_dummy($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 231 |
$values = array($link, ($page[$fields['title']]), ($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 232 | 232 |
// Show loop code with vars replaced by values |
| 233 |
echo str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_loop['value']));
|
|
| 233 |
echo str_replace($vars, $values, ($fetch_results_loop['value'])); |
|
| 234 | 234 |
// Say that this page or item has been listed if we can |
| 235 | 235 |
if(isset($fields['page_id'])) {
|
| 236 | 236 |
$pages_listed[$page[$fields['page_id']]] = true; |
Also available in: Unified diff
Renamed compatibility.php to frontend.functions.php.
Moved frontend functions from class frontend to frontend.functions.php.
Removed instances of strip_slashes_dummy. Replaced $this by $wb in a couple of places.
Created file initialize.php, where all initializations now take place (moved from class wb constructor).