Project

General

Profile

« Previous | Next » 

Revision 491

Added by Matthias over 17 years ago

Added changeset [490] to the branches

View differences:

branches/2.6.x/wb/search/search.php
53 53
		} else {
54 54
			$string=$_REQUEST['string'];
55 55
		}
56
		$string = $wb->add_slashes($string);
56 57
		// remove some bad chars like _single_ '"', '&'. '!", ...
57 58
		$string = preg_replace("/(^|\s+)([-=+_&!;#]|\\\\\"|\\\\')+(?=\s+|$)/", "", $string);
58
		$string = my_htmlspecialchars($string);
59
		$string = strtr(my_htmlspecialchars($string), array('\"'=>'"'));
59 60
		// reverse potential magic_quotes action
60 61
		$original_string=$wb->strip_slashes($string);
61 62
		// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons)
62
		$string = addslashes($wb->escape_backslashes($original_string));
63
		$string = $wb->escape_backslashes($original_string);
63 64
		// convert a copy of $string to HTML-ENTITIES
64 65
		$string_entities = umlauts_to_entities($string);
65 66
		// and do some convertion to both
branches/2.6.x/wb/search/search_convert.php
1 1
<?php
2 2

  
3
// $Id: search_convert.php 480 2007-06-11 16:35:58Z Ruebenwurzel $
3
// $Id: search_convert.php 490 2007-06-23 08:13:53Z Ruebenwurzel $
4 4

  
5 5
/*
6 6

  
......
35 35

  
36 36
//htmlspecialchars_decode
37 37
$string_htmlspecialchars_decode=array(
38
	"&lt;"=>"<", "&gt;"=>">", "&amp;"=>"&", "&quot;"=>"\"", "&#039;"=>"\'"
38
	"&lt;"=>"<", "&gt;"=>">", "&amp;"=>"&", "&quot;"=>"\"", "&#39;"=>"\'"
39 39
);
40 40
//htmlspecialchars_decode
41 41
$string_htmlspecialchars_encode=array(
42
	"<"=>"&lt;", ">"=>"&gt;", "&"=>"&amp;", "\""=>"&quot;", "\'"=>"&#039;"
42
	"<"=>"&lt;", ">"=>"&gt;", "&"=>"&amp;", "\""=>"&quot;", "\'"=>"&#39;"
43 43
);
44 44

  
45 45
//convert some bad characters
branches/2.6.x/wb/framework/convert.php
50 50
'&#154;'=>'s',
51 51
'&#159;'=>'Y',
52 52
'&copy;'=>'(c)','&reg;'=>'(r)','&ETH;'=>'D','&times;'=>'x','&Oslash;'=>'O','&THORN;'=>'TH','&eth;'=>'d','&oslash;'=>'o','&thorn;'=>'th',
53
'&#039;'=>'-','&quot;'=>'-',
53
'&#39;'=>'-','&apos;'=>'-','&quot;'=>'-',
54 54
// latin extended-A
55 55
'&#256;'=>'A','&#257;'=>'a','&#258;'=>'A','&#259;'=>'a','&#260;'=>'A','&#261;'=>'a',
56 56
'&#262;'=>'C','&#263;'=>'c','&#264;'=>'C','&#265;'=>'c','&#269;'=>'c','&#268;'=>'C','&#267;'=>'c','&#266;'=>'C',
branches/2.6.x/wb/framework/frontend.functions.php
76 76
	$string = entities_to_umlauts($search_string, 'UTF-8');
77 77
	$string = strtr($string, $string_ul_umlauts);
78 78
	// do some magic to prevent &lt; &gt; ... from being highlighted
79
	$foo = strtr($foo, array("&lt;"=>"!,,!", "&gt;"=>"!,,,!", "&amp;"=>"!,,,,!", "&quot;"=>"!,,,,,!", "&#039;"=>"!,,,,,,!"));
80
	$string = strtr($string, array("&lt;"=>"!,,!", "&gt;"=>"!,,,!", "&amp;"=>"!,,,,!", "&quot;"=>"!,,,,,!", "&#039;"=>"!,,,,,,!"));
79
	$foo = strtr($foo, array("&lt;"=>"!,,!", "&gt;"=>"!,,,!", "&amp;"=>"!,,,,!", "&quot;"=>"!,,,,,!", "&#39;"=>"!,,,,,,!"));
80
	$string = strtr($string, array("&lt;"=>"!,,!", "&gt;"=>"!,,,!", "&amp;"=>"!,,,,!", "&quot;"=>"!,,,,,!", "&#39;"=>"!,,,,,,!"));
81 81
	$foo = preg_replace('/('.$string.')(?=[^>]*<)/iUS', '<span class="highlight">$1</span>',$foo);
82 82
	$pos = strpos($foo, '<');
83 83
	if ($pos === false) { // "===" means identicaly
84 84
		$foo = preg_replace('/('.$string.')/i', '<span class="highlight">$1</span>',$foo);
85 85
	}
86
	$foo = strtr($foo, array("!,,!"=>"&lt;", "!,,,!"=>"&gt;", "!,,,,!"=>"&amp;", "!,,,,,!"=>"&quot;", "!,,,,,,!"=>"&#039;"));
86
	$foo = strtr($foo, array("!,,!"=>"&lt;", "!,,,!"=>"&gt;", "!,,,,!"=>"&amp;", "!,,,,,!"=>"&quot;", "!,,,,,,!"=>"&#39;"));
87 87
	if(DEFAULT_CHARSET != 'utf-8') {
88 88
		$foo = umlauts_to_defcharset($foo, 'UTF-8');
89 89
	}
branches/2.6.x/wb/framework/functions.php
341 341
// Function as replecement for php's htmlspecialchars()
342 342
function my_htmlspecialchars($string) {
343 343
	$string = preg_replace("/&(?=[#a-z0-9]+;)/i", "_x_", $string);
344
	$string = strtr($string, array("<"=>"&lt;", ">"=>"&gt;", "&"=>"&amp;", "\""=>"&quot;", "\'"=>"&#039;"));
344
	$string = strtr($string, array("<"=>"&lt;", ">"=>"&gt;", "&"=>"&amp;", "\""=>"&quot;", "\'"=>"&#39;"));
345 345
	$string = preg_replace("/_x_(?=[#a-z0-9]+;)/i", "&", $string);
346 346
	return($string);
347 347
}
......
431 431
				}
432 432
			}
433 433
		} else {
434
			$string = strtr($string, array("&lt;"=>"&_lt;", "&gt;"=>"&_gt;", "&amp;"=>"&_amp;", "&quot;"=>"&_quot;", "&#039;"=>"&_#039;"));
434
			$string = strtr($string, array("&lt;"=>"&_lt;", "&gt;"=>"&_gt;", "&amp;"=>"&_amp;", "&quot;"=>"&_quot;", "&#39;"=>"&_#39;"));
435 435
			$string=mb_convert_encoding($string, $charset_out, $charset_in);
436
			$string = strtr($string, array("&_lt;"=>"&lt;", "&_gt;"=>"&gt;", "&_amp;"=>"&amp;", "&_quot;"=>"&quot;", "&_#039;"=>"&#039;"));
436
			$string = strtr($string, array("&_lt;"=>"&lt;", "&_gt;"=>"&gt;", "&_amp;"=>"&amp;", "&_quot;"=>"&quot;", "&_#39;"=>"&#39;"));
437 437
		}
438 438
		return $string;
439 439
	}
......
613 613
	);
614 614
		
615 615
	if ($in == 'HTML-ENTITIES') {
616
		$string = strtr($string, array('&#039;'=>'&#39;')); // fix a broken entity
616 617
		$string = strtr($string, $named_to_numbered_entities);
617 618
		$string = preg_replace("/&#([0-9]+);/e", "code_to_utf8($1)", $string);
618 619
	}

Also available in: Unified diff