Revision 487
Added by Matthias over 17 years ago
search.php | ||
---|---|---|
49 | 49 |
// Get search string |
50 | 50 |
if(isset($_REQUEST['string'])) { |
51 | 51 |
if ($match!='exact') { |
52 |
$string=str_replace(',', '', my_htmlspecialchars($_REQUEST['string']));
|
|
52 |
$string=str_replace(',', '', $_REQUEST['string']);
|
|
53 | 53 |
} else { |
54 |
$string=my_htmlspecialchars($_REQUEST['string']);
|
|
54 |
$string=$_REQUEST['string'];
|
|
55 | 55 |
} |
56 |
// remove some bad chars like _single_ '"', '&'. '!", ... |
|
57 |
$string = preg_replace("/(^|\s+)([-=+_&!;#]|\\\\\"|\\\\')+(?=\s+|$)/", "", $string); |
|
58 |
$string = my_htmlspecialchars($string); |
|
56 | 59 |
// reverse potential magic_quotes action |
57 | 60 |
$original_string=$wb->strip_slashes($string); |
58 | 61 |
// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons) |
... | ... | |
61 | 64 |
$string_entities = umlauts_to_entities($string); |
62 | 65 |
// and do some convertion to both |
63 | 66 |
require(WB_PATH.'/search/search_convert.php'); |
64 |
$string = strtr($string,$string_conv_all); |
|
65 |
$string_entities = strtr($string_entities,$string_conv_all); |
|
66 | 67 |
$search_string = $string_entities; |
67 | 68 |
} else { |
68 | 69 |
$string = ''; |
... | ... | |
301 | 302 |
|
302 | 303 |
|
303 | 304 |
// don't list pages with visibility == none|deleted |
304 |
$query = $database->query("SELECT ". |
|
305 |
$viewquery = $database->query("SELECT ".
|
|
305 | 306 |
TABLE_PREFIX."pages.visibility |
306 | 307 |
FROM ".TABLE_PREFIX."pages |
307 | 308 |
WHERE ".TABLE_PREFIX."pages.page_id='".$page[$fields['page_id']]."' LIMIT 1 " |
308 | 309 |
); |
309 | 310 |
$visibility = 'public'; |
310 |
if($query->numRows() > 0) { |
|
311 |
if($res = $query->fetchRow()) { |
|
311 |
if($viewquery->numRows() > 0) {
|
|
312 |
if($res = $viewquery->fetchRow()) {
|
|
312 | 313 |
$visibility = $res['visibility']; |
313 | 314 |
} |
314 | 315 |
} |
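Review bot: The cleanup regex added at new line 57 matches quote characters only when a literal backslash precedes them, so a stand-alone `"` or `'` is removed only if the request value was already slash-escaped; the later "reverse potential magic_quotes action" comment suggests that is assumed rather than guaranteed. With escaping off, a lone quote reaches `my_htmlspecialchars()` on new line 58 and is carried on in whatever form that helper produces. HTML encoding here is also not SQL escaping: the same `$string` appears to feed the LIKE comparison mentioned at new line 61, whose query construction is outside the visible lines, so confirm the term is escaped for the database there. I would add a comment above the regex, `// assumes magic_quotes-style input: quotes match only as \" and \'; SQL escaping is done where the query is built`. The enclosing `if(isset($_REQUEST['string']))` block ends outside the hunk.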
Added changeset [486] to branches