From 941f81eb300074b203dd480924f9cf8b9d41a08d Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 12 Dec 2013 02:01:42 -0800 Subject: check that every invocation of htmlspecialchars has the right arg list --- mod/search.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'mod/search.php') diff --git a/mod/search.php b/mod/search.php index 7651b3a4e..2b31002fa 100644 --- a/mod/search.php +++ b/mod/search.php @@ -17,7 +17,7 @@ function search_saved_searches() { $o .= '

' . t('Saved Searches') . '

' . "\r\n"; $o .= '
' . "\r\n"; } @@ -272,9 +272,9 @@ function search_content(&$a,$update = 0, $load = false) { if($tag) - $o .= '

Items tagged with: ' . htmlspecialchars($search) . '

'; + $o .= '

Items tagged with: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '

'; else - $o .= '

Search results for: ' . htmlspecialchars($search) . '

'; + $o .= '

Search results for: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '

'; $o .= conversation($a,$items,'search',$update,'client'); -- cgit v1.2.3 From a084a3fa47879f00a535501f14f32c3ff55f7d29 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 20 Dec 2013 01:39:42 -0800 Subject: comanchify mod_search - we've got three modules left to Comanchify: admin, directory and message - each of which introduces "interesting challenges" --- mod/search.php | 124 ++------------------------------------------------------- 1 file changed, 3 insertions(+), 121 deletions(-) (limited to 'mod/search.php') diff --git a/mod/search.php b/mod/search.php index 2b31002fa..32c8ca38e 100644 --- a/mod/search.php +++ b/mod/search.php @@ -1,76 +1,8 @@ '; - $o .= '

' . t('Saved Searches') . '

' . "\r\n"; - $o .= '
' . "\r\n"; - } - - return $o; - -} - - function search_init(&$a) { - - $search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : ''); - - if(local_user()) { - if(x($_GET,'save') && $search) { - $r = q("select `tid` from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", - intval(local_user()), - intval(TERM_SAVEDSEARCH), - dbesc($search) - ); - if(! count($r)) { - q("insert into `term` ( `uid`,`type`,`term` ) values ( %d, %d, '%s') ", - intval(local_user()), - intval(TERM_SAVEDSEARCH), - dbesc($search) - ); - } - } - if(x($_GET,'remove') && $search) { - q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", - intval(local_user()), - intval(TERM_SAVEDSEARCH), - dbesc($search) - ); - } - - $a->page['aside'] .= search_saved_searches(); - - } - else { - unset($_SESSION['theme']); - unset($_SESSION['mobile_theme']); - } - - - -} - - - -function search_post(&$a) { - if(x($_POST,'search')) - $a->data['search'] = $_POST['search']; + if(x($_REQUEST,'search')) + $a->data['search'] = $_REQUEST['search']; } @@ -133,10 +65,7 @@ function search_content(&$a,$update = 0, $load = false) { ); } else { - if (get_config('system','use_fulltext_engine')) - $sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(protect_sprintf($search))); - else - $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search)))); + $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search)))); } // Here is the way permissions work in the search module... @@ -144,9 +73,6 @@ function search_content(&$a,$update = 0, $load = false) { // OR your own posts if you are a logged in member // No items will be shown if the member has a blocked profile wall. - - - if((! $update) && (! $load)) { // This is ugly, but we can't pass the profile_uid through the session to the ajax updater, @@ -223,54 +149,12 @@ function search_content(&$a,$update = 0, $load = false) { } if($r) { - -// $parents_str = ids_to_querystr($r,'item_id'); - -// $items = q("SELECT `item`.*, `item`.`id` AS `item_id` -// FROM `item` -// WHERE item_restrict = 0 -// $sql_extra and parent in ( $parents_str ) " -// ); - xchan_query($r); $items = fetch_post_tags($r,true); -// $items = conv_sort($items,'created'); - } else { $items = array(); } -//logger('mod_search: items ' . count($items)); - -// $r = q("SELECT distinct(`item`.`mid`), `item`.*, `item`.`id` AS `item_id`, -// `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`, -// `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, -// `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`, -// `user`.`nickname` -// FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` -// LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` -// WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 -// AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 ) -// OR `item`.`uid` = %d ) -// AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 -// $sql_extra -// group by `item`.`mid` -// ORDER BY `received` DESC LIMIT %d , %d ", -// intval(local_user()), -// intval($a->pager['start']), -// intval($a->pager['itemspage']) - -// ); - - -// $a = fetch_post_tags($a,true); - -// if(! $items) {// -// info( t('No results.') . EOL); -// return $o; -// } - - if($tag) $o .= '

Items tagged with: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '

'; else @@ -278,8 +162,6 @@ function search_content(&$a,$update = 0, $load = false) { $o .= conversation($a,$items,'search',$update,'client'); -// $o .= alt_pager($a,count($r)); - return $o; } -- cgit v1.2.3 From 79102218324e794bb7096e682d61841b570fc411 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 8 Jan 2014 15:20:12 -0800 Subject: preparatory work for supporting a "list view" mode for conversations. This would be useful for forum-like channels and/or block-oriented themes. --- mod/search.php | 1 + 1 file changed, 1 insertion(+) (limited to 'mod/search.php') diff --git a/mod/search.php b/mod/search.php index 32c8ca38e..d13c613c2 100644 --- a/mod/search.php +++ b/mod/search.php @@ -96,6 +96,7 @@ function search_content(&$a,$update = 0, $load = false) { '$spam' => '0', '$nouveau' => '0', '$wall' => '0', + '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$page' => (($a->pager['page'] != 1) ? $a->pager['page'] : 1), '$search' => (($tag) ? urlencode('#') : '') . $search, '$order' => '', -- cgit v1.2.3 From e9ce68559e7f552b6ef738eaf7f9025813eb82ad Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Sun, 19 Jan 2014 23:48:26 +0000 Subject: Stop Google DDoSing me by providing block_public_search, which unlike block_public will block *only* searching without an observer. --- mod/search.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'mod/search.php') diff --git a/mod/search.php b/mod/search.php index d13c613c2..22e521164 100644 --- a/mod/search.php +++ b/mod/search.php @@ -8,11 +8,12 @@ function search_init(&$a) { function search_content(&$a,$update = 0, $load = false) { - if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { - notice( t('Public access denied.') . EOL); + if((get_config('system','block_public')) || (get_config('system','block_public_search'))) { + if ((! local_user()) && (! remote_user())) { + notice( t('Public access denied.') . EOL); return; + } } - nav_set_selected('search'); require_once("include/bbcode.php"); -- cgit v1.2.3