Revision 42
Added by stefan about 20 years ago
| search.php | ||
|---|---|---|
| 38 | 38 |
if(isset($_REQUEST['string'])) {
|
| 39 | 39 |
if ($_REQUEST['match']!='exact') {
|
| 40 | 40 |
$string=str_replace(',', '', $_REQUEST['string']);
|
| 41 |
} |
|
| 41 |
} else {
|
|
| 42 |
$string=$_REQUEST['string']; |
|
| 43 |
} |
|
| 42 | 44 |
// reverse potential magic_quotes action |
| 43 | 45 |
$original_string=$this->strip_slashes($string); |
| 44 | 46 |
// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons) |
| ... | ... | |
| 54 | 56 |
$all_checked = ''; |
| 55 | 57 |
$any_checked = ''; |
| 56 | 58 |
$exact_checked = ''; |
| 57 |
if($_REQUEST['match'] == 'any' OR $_REQUEST['match'] == 'all') {
|
|
| 59 |
if($_REQUEST['match'] != 'exact') {
|
|
| 58 | 60 |
// Split string into array with explode() function |
| 59 | 61 |
$exploded_string = explode(' ', $string);
|
| 60 | 62 |
// Make sure there is no blank values in the array |
| ... | ... | |
| 103 | 105 |
// Replace vars in search settings with values |
| 104 | 106 |
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_RESULTS_FOR]');
|
| 105 | 107 |
$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['RESULTS_FOR']); |
| 106 |
$search_footer = str_replace($vars, $values, $this->strip_slashes($fetch_footer['value'])); |
|
| 107 |
$search_results_header = str_replace($vars, $values, $this->strip_slashes($fetch_results_header['value'])); |
|
| 108 |
$search_results_footer = str_replace($vars, $values, $this->strip_slashes($fetch_results_footer['value'])); |
|
| 108 |
$search_footer = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_footer['value']));
|
|
| 109 |
$search_results_header = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_header['value']));
|
|
| 110 |
$search_results_footer = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_footer['value']));
|
|
| 109 | 111 |
// Do extra vars/values replacement |
| 110 | 112 |
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_SEARCH]', '[TEXT_ALL_WORDS]', '[TEXT_ANY_WORDS]', '[TEXT_EXACT_MATCH]', '[TEXT_MATCH]', '[TEXT_MATCHING]', '[ALL_CHECKED]', '[ANY_CHECKED]', '[EXACT_CHECKED]');
|
| 111 | 113 |
$values = array($search_string, WB_URL, PAGE_EXTENSION, $TEXT['SEARCH'], $TEXT['ALL_WORDS'], $TEXT['ANY_WORDS'], $TEXT['EXACT_MATCH'], $TEXT['MATCH'], $TEXT['MATCHING'], $all_checked, $any_checked, $exact_checked); |
| 112 |
$search_header = str_replace($vars, $values, $this->strip_slashes($fetch_header['value'])); |
|
| 114 |
$search_header = str_replace($vars, $values, $this->strip_slashes_dummy($fetch_header['value']));
|
|
| 113 | 115 |
|
| 114 | 116 |
// Insert js code |
| 115 | 117 |
?> |
| ... | ... | |
| 158 | 160 |
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE']; |
| 159 | 161 |
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME']; |
| 160 | 162 |
} |
| 161 |
$values = array($link, $this->strip_slashes($page['page_title']),$this->strip_slashes($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 163 |
$values = array($link, $this->strip_slashes_dummy($page['page_title']),$this->strip_slashes_dummy($page['description']), $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 162 | 164 |
// Show loop code with vars replaced by values |
| 163 | 165 |
if($values != array()) {
|
| 164 |
echo str_replace($vars, $values, $this->strip_slashes($fetch_results_loop['value'])); |
|
| 166 |
echo str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_loop['value']));
|
|
| 165 | 167 |
} |
| 166 | 168 |
// Say that we have already listed this page id |
| 167 | 169 |
$pages_listed[$page['page_id']] = true; |
| ... | ... | |
| 184 | 186 |
// Fetch query start |
| 185 | 187 |
$fetch_query_start = $get_query_start->fetchRow(); |
| 186 | 188 |
// Prepare query start for execution by replacing {TP} with the TABLE_PREFIX
|
| 187 |
$query_start = str_replace('[TP]', TABLE_PREFIX, $this->strip_slashes($fetch_query_start['value']));
|
|
| 189 |
$query_start = str_replace('[TP]', TABLE_PREFIX, $this->strip_slashes_dummy($fetch_query_start['value']));
|
|
| 188 | 190 |
// Get query end |
| 189 | 191 |
$get_query_end = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_end' AND extra = '$module_name' LIMIT 1");
|
| 190 | 192 |
if($get_query_end->numRows() > 0) {
|
| 191 | 193 |
// Fetch query start |
| 192 | 194 |
$fetch_query_end = $get_query_end->fetchRow(); |
| 193 | 195 |
// Set query end |
| 194 |
$query_end = $this->strip_slashes($fetch_query_end['value']); |
|
| 196 |
$query_end = $this->strip_slashes_dummy($fetch_query_end['value']);
|
|
| 195 | 197 |
// Get query body |
| 196 | 198 |
$get_query_body = $database->query("SELECT value FROM ".TABLE_PREFIX."search WHERE name = 'query_body' AND extra = '$module_name' LIMIT 1");
|
| 197 | 199 |
if($get_query_body->numRows() > 0) {
|
| 198 | 200 |
// Fetch query start |
| 199 | 201 |
$fetch_query_body = $get_query_body->fetchRow(); |
| 200 | 202 |
// Prepare query body for execution by replacing {STRING} with the correct one
|
| 201 |
$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), $this->strip_slashes($fetch_query_body['value']));
|
|
| 203 |
$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), $this->strip_slashes_dummy($fetch_query_body['value']));
|
|
| 202 | 204 |
// Loop through query body for each string, then combine with start and end |
| 203 | 205 |
$prepared_query = $query_start; |
| 204 | 206 |
$count = 0; |
| ... | ... | |
| 226 | 228 |
$date = $TEXT['UNKNOWN'].' '.$TEXT['DATE']; |
| 227 | 229 |
$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME']; |
| 228 | 230 |
} |
| 229 |
$values = array($link, $this->strip_slashes($page[$fields['title']]), $this->strip_slashes($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 231 |
$values = array($link, $this->strip_slashes_dummy($page[$fields['title']]), $this->strip_slashes_dummy($page[$fields['description']]), $users[$page[$fields['modified_by']]]['username'], $users[$page[$fields['modified_by']]]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']));
|
|
| 230 | 232 |
// Show loop code with vars replaced by values |
| 231 |
echo str_replace($vars, $values, $this->strip_slashes($fetch_results_loop['value'])); |
|
| 233 |
echo str_replace($vars, $values, $this->strip_slashes_dummy($fetch_results_loop['value']));
|
|
| 232 | 234 |
// Say that this page or item has been listed if we can |
| 233 | 235 |
if(isset($fields['page_id'])) {
|
| 234 | 236 |
$pages_listed[$page[$fields['page_id']]] = true; |
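Review bot: `$_REQUEST['match']` is read at new lines 39 and 59 without an `isset()` check or a whitelist, so a request that carries `string` but no `match`, or any unexpected `match` value, now takes the word-splitting path, because the test changed from `== 'any' OR == 'all'` to `!= 'exact'`. Normalising it once before first use, e.g. `$match = isset($_REQUEST['match']) ? $_REQUEST['match'] : '';` followed by `if(!in_array($match, array('any', 'all', 'exact'))) { $match = 'all'; }`, and comparing against `$match` afterwards would make the fallback explicit (the default shown is a guess; use the project's). Separately, `strip_slashes_dummy()` is not defined in the visible lines, yet its result now feeds the SQL fragments at new lines 189–203 and the echoed markup at new lines 166 and 233. A short comment at its definition saying whether it alters the value, and where escaping for SQL and for HTML output is expected to happen, would let a reader confirm that page titles, descriptions and the stored query parts are still handled safely. The enclosing method starts and ends outside the shown hunks.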
Changed most occurrences of strip_slashes to new dummy method strip_slashes_dummy.