Project

General

Profile

« Previous | Next » 

Revision 487

Added by Matthias over 17 years ago

Added changeset [486] to branches

View differences:

search.php
49 49
	// Get search string
50 50
	if(isset($_REQUEST['string'])) {
51 51
		if ($match!='exact') {
52
			$string=str_replace(',', '', my_htmlspecialchars($_REQUEST['string']));
52
			$string=str_replace(',', '', $_REQUEST['string']);
53 53
		} else {
54
			$string=my_htmlspecialchars($_REQUEST['string']);
54
			$string=$_REQUEST['string'];
55 55
		}
56
		// remove some bad chars like _single_ '"', '&'. '!", ...
57
		$string = preg_replace("/(^|\s+)([-=+_&!;#]|\\\\\"|\\\\')+(?=\s+|$)/", "", $string);
58
		$string = my_htmlspecialchars($string);
56 59
		// reverse potential magic_quotes action
57 60
		$original_string=$wb->strip_slashes($string);
58 61
		// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons)
......
61 64
		$string_entities = umlauts_to_entities($string);
62 65
		// and do some convertion to both
63 66
		require(WB_PATH.'/search/search_convert.php');
64
		$string = strtr($string,$string_conv_all);
65
		$string_entities = strtr($string_entities,$string_conv_all);
66 67
		$search_string = $string_entities;
67 68
	} else {
68 69
		$string = '';
......
301 302
										
302 303
										
303 304
										// don't list pages with visibility == none|deleted
304
										$query = $database->query("SELECT ".
305
										$viewquery = $database->query("SELECT ".
305 306
											TABLE_PREFIX."pages.visibility
306 307
											FROM ".TABLE_PREFIX."pages
307 308
											WHERE ".TABLE_PREFIX."pages.page_id='".$page[$fields['page_id']]."' LIMIT 1 "
308 309
										);
309 310
										$visibility = 'public';
310
										if($query->numRows() > 0) {
311
											if($res = $query->fetchRow()) {
311
										if($viewquery->numRows() > 0) {
312
											if($res = $viewquery->fetchRow()) {
312 313
												$visibility = $res['visibility'];
313 314
											}
314 315
										}

Also available in: Unified diff