Revision 490
Added by Matthias over 17 years ago
| trunk/wb/search/search.php | ||
|---|---|---|
| 53 | 53 |
} else {
|
| 54 | 54 |
$string=$_REQUEST['string']; |
| 55 | 55 |
} |
| 56 |
$string = $wb->add_slashes($string); |
|
| 56 | 57 |
// remove some bad chars like _single_ '"', '&'. '!", ... |
| 57 | 58 |
$string = preg_replace("/(^|\s+)([-=+_&!;#]|\\\\\"|\\\\')+(?=\s+|$)/", "", $string);
|
| 58 |
$string = my_htmlspecialchars($string);
|
|
| 59 |
$string = strtr(my_htmlspecialchars($string), array('\"'=>'"'));
|
|
| 59 | 60 |
// reverse potential magic_quotes action |
| 60 | 61 |
$original_string=$wb->strip_slashes($string); |
| 61 | 62 |
// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons) |
| 62 |
$string = addslashes($wb->escape_backslashes($original_string));
|
|
| 63 |
$string = $wb->escape_backslashes($original_string);
|
|
| 63 | 64 |
// convert a copy of $string to HTML-ENTITIES |
| 64 | 65 |
$string_entities = umlauts_to_entities($string); |
| 65 | 66 |
// and do some convertion to both |
| trunk/wb/search/search_convert.php | ||
|---|---|---|
| 35 | 35 |
|
| 36 | 36 |
//htmlspecialchars_decode |
| 37 | 37 |
$string_htmlspecialchars_decode=array( |
| 38 |
"<"=>"<", ">"=>">", "&"=>"&", """=>"\"", "'"=>"\'"
|
|
| 38 |
"<"=>"<", ">"=>">", "&"=>"&", """=>"\"", "'"=>"\'" |
|
| 39 | 39 |
); |
| 40 | 40 |
//htmlspecialchars_decode |
| 41 | 41 |
$string_htmlspecialchars_encode=array( |
| 42 |
"<"=>"<", ">"=>">", "&"=>"&", "\""=>""", "\'"=>"'"
|
|
| 42 |
"<"=>"<", ">"=>">", "&"=>"&", "\""=>""", "\'"=>"'" |
|
| 43 | 43 |
); |
| 44 | 44 |
|
| 45 | 45 |
//convert some bad characters |
| trunk/wb/framework/convert.php | ||
|---|---|---|
| 50 | 50 |
'š'=>'s', |
| 51 | 51 |
'Ÿ'=>'Y', |
| 52 | 52 |
'©'=>'(c)','®'=>'(r)','Ð'=>'D','×'=>'x','Ø'=>'O','Þ'=>'TH','ð'=>'d','ø'=>'o','þ'=>'th', |
| 53 |
'''=>'-','"'=>'-',
|
|
| 53 |
'''=>'-','''=>'-','"'=>'-',
|
|
| 54 | 54 |
// latin extended-A |
| 55 | 55 |
'Ā'=>'A','ā'=>'a','Ă'=>'A','ă'=>'a','Ą'=>'A','ą'=>'a', |
| 56 | 56 |
'Ć'=>'C','ć'=>'c','Ĉ'=>'C','ĉ'=>'c','č'=>'c','Č'=>'C','ċ'=>'c','Ċ'=>'C', |
| trunk/wb/framework/frontend.functions.php | ||
|---|---|---|
| 76 | 76 |
$string = entities_to_umlauts($search_string, 'UTF-8'); |
| 77 | 77 |
$string = strtr($string, $string_ul_umlauts); |
| 78 | 78 |
// do some magic to prevent < > ... from being highlighted |
| 79 |
$foo = strtr($foo, array("<"=>"!,,!", ">"=>"!,,,!", "&"=>"!,,,,!", """=>"!,,,,,!", "'"=>"!,,,,,,!"));
|
|
| 80 |
$string = strtr($string, array("<"=>"!,,!", ">"=>"!,,,!", "&"=>"!,,,,!", """=>"!,,,,,!", "'"=>"!,,,,,,!"));
|
|
| 79 |
$foo = strtr($foo, array("<"=>"!,,!", ">"=>"!,,,!", "&"=>"!,,,,!", """=>"!,,,,,!", "'"=>"!,,,,,,!"));
|
|
| 80 |
$string = strtr($string, array("<"=>"!,,!", ">"=>"!,,,!", "&"=>"!,,,,!", """=>"!,,,,,!", "'"=>"!,,,,,,!"));
|
|
| 81 | 81 |
$foo = preg_replace('/('.$string.')(?=[^>]*<)/iUS', '<span class="highlight">$1</span>',$foo);
|
| 82 | 82 |
$pos = strpos($foo, '<'); |
| 83 | 83 |
if ($pos === false) { // "===" means identicaly
|
| 84 | 84 |
$foo = preg_replace('/('.$string.')/i', '<span class="highlight">$1</span>',$foo);
|
| 85 | 85 |
} |
| 86 |
$foo = strtr($foo, array("!,,!"=>"<", "!,,,!"=>">", "!,,,,!"=>"&", "!,,,,,!"=>""", "!,,,,,,!"=>"'"));
|
|
| 86 |
$foo = strtr($foo, array("!,,!"=>"<", "!,,,!"=>">", "!,,,,!"=>"&", "!,,,,,!"=>""", "!,,,,,,!"=>"'"));
|
|
| 87 | 87 |
if(DEFAULT_CHARSET != 'utf-8') {
|
| 88 | 88 |
$foo = umlauts_to_defcharset($foo, 'UTF-8'); |
| 89 | 89 |
} |
| trunk/wb/framework/functions.php | ||
|---|---|---|
| 341 | 341 |
// Function as replecement for php's htmlspecialchars() |
| 342 | 342 |
function my_htmlspecialchars($string) {
|
| 343 | 343 |
$string = preg_replace("/&(?=[#a-z0-9]+;)/i", "_x_", $string);
|
| 344 |
$string = strtr($string, array("<"=>"<", ">"=>">", "&"=>"&", "\""=>""", "\'"=>"'"));
|
|
| 344 |
$string = strtr($string, array("<"=>"<", ">"=>">", "&"=>"&", "\""=>""", "\'"=>"'"));
|
|
| 345 | 345 |
$string = preg_replace("/_x_(?=[#a-z0-9]+;)/i", "&", $string);
|
| 346 | 346 |
return($string); |
| 347 | 347 |
} |
| ... | ... | |
| 431 | 431 |
} |
| 432 | 432 |
} |
| 433 | 433 |
} else {
|
| 434 |
$string = strtr($string, array("<"=>"&_lt;", ">"=>"&_gt;", "&"=>"&_amp;", """=>"&_quot;", "'"=>"&_#039;"));
|
|
| 434 |
$string = strtr($string, array("<"=>"&_lt;", ">"=>"&_gt;", "&"=>"&_amp;", """=>"&_quot;", "'"=>"&_#39;"));
|
|
| 435 | 435 |
$string=mb_convert_encoding($string, $charset_out, $charset_in); |
| 436 |
$string = strtr($string, array("&_lt;"=>"<", "&_gt;"=>">", "&_amp;"=>"&", "&_quot;"=>""", "&_#039;"=>"'"));
|
|
| 436 |
$string = strtr($string, array("&_lt;"=>"<", "&_gt;"=>">", "&_amp;"=>"&", "&_quot;"=>""", "&_#39;"=>"'"));
|
|
| 437 | 437 |
} |
| 438 | 438 |
return $string; |
| 439 | 439 |
} |
| ... | ... | |
| 613 | 613 |
); |
| 614 | 614 |
|
| 615 | 615 |
if ($in == 'HTML-ENTITIES') {
|
| 616 |
$string = strtr($string, array('''=>''')); // fix a broken entity
|
|
| 616 | 617 |
$string = strtr($string, $named_to_numbered_entities); |
| 617 | 618 |
$string = preg_replace("/&#([0-9]+);/e", "code_to_utf8($1)", $string);
|
| 618 | 619 |
} |
Also available in: Unified diff
Fixed issue with escaped single and double quotes in search result (Thanks to thorn)