Revision 654
Added by thorn almost 17 years ago
search.php | ||
70 | 70 |
// Get the search type |
71 | 71 |
$match = 'all'; |
72 | 72 |
if(isset($_REQUEST['match'])) { |
73 |
$match = $_REQUEST['match'];
|
|
73 |
$match = $wb->add_slashes(strip_tags($_REQUEST['match']));
|
|
74 | 74 |
} |
75 | 75 |
|
76 | 76 |
// Get the path to search into. Normally left blank |
... | ... | |
83 | 83 |
$search_path_SQL = ""; |
84 | 84 |
$search_path = ""; |
85 | 85 |
if(isset($_REQUEST['search_path'])) { |
86 |
$search_path = $_REQUEST['search_path'];
|
|
86 |
$search_path = $wb->add_slashes(strip_tags($_REQUEST['search_path']));
|
|
87 | 87 |
if($search_path != '') { |
88 | 88 |
$search_path_SQL = "AND ( "; |
89 | 89 |
$not = ""; |
... | ... | |
121 | 121 |
if ($match!='exact') { |
122 | 122 |
$string=str_replace(',', '', $_REQUEST['string']); |
123 | 123 |
} else { |
124 |
$string=$_REQUEST['string']; |
|
124 |
$string=$_REQUEST['string']; // $string will be cleaned below
|
|
125 | 125 |
} |
126 | 126 |
// redo possible magic quotes |
127 | 127 |
$string = $wb->strip_slashes($string); |
128 | 128 |
$string = htmlspecialchars($string); |
129 | 129 |
$search_display_string = $string; |
130 |
// simulate mysql_real_escape_string()
|
|
131 |
$string = strtr($string, array("\x00"=>"\\\x00", "\n"=>"\\\n", "\r"=>"\\\r", '\\'=>'\\\\','\''=>'\\\'','"'=>"\\\"","\x1a"=>"\\\x1a"));
|
|
130 |
// do really addslashes()
|
|
131 |
$string = $wb->add_slashes($string);
|
|
132 | 132 |
// remove some bad chars |
133 | 133 |
$string = preg_replace("/(^|\s+)([.])+(?=\s+|$)/", "", $string); |
134 | 134 |
// mySQL needs four backslashes to match one in LIKE comparisons) |
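Review bot: The new line 73 filters `$_REQUEST['match']` with `strip_tags()` plus `$wb->add_slashes()`, which is an input filter rather than an output-context encoding, so it does not by itself close the XSS the commit title describes: an attribute-context payload needs no tags, and `add_slashes` (the page's own comment at line 130 calls it "really addslashes()") handles SQL quoting, not HTML. As far as this view shows, `$match` is only ever compared against fixed mode names (line 121 tests `'exact'`, the default is `'all'`), so the robust control is a whitelist rather than escaping, e.g. `$match = in_array($_REQUEST['match'], array('all', 'exact'), true) ? $_REQUEST['match'] : 'all';`, extended with whatever other modes the script accepts outside this hunk. Line 86's `$search_path` is concatenated into `$search_path_SQL` two lines later, so it needs SQL-escaping for the query and, wherever it is echoed back (not visible here), `htmlspecialchars($search_path, ENT_QUOTES)` at the point of output. Replacing the `strtr()` of the old line 131 with `add_slashes()` at the new line 131 also drops the escaping of `"\n"`, `"\r"` and `"\x1a"` that the old code applied; whether that matters depends on how `$string` enters the LIKE clause below, which continues past the end of this hunk.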
Fixed a possible XSS vulnerability in wb/search/search.php