From 341fcce75ec8d16538eec6ebcdfbdd00711c6638 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 6 Dec 2011 19:51:19 -0800 Subject: preg_quote search strings --- mod/network.php | 4 ++-- mod/search.php | 11 ++--------- 2 files changed, 4 insertions(+), 11 deletions(-) (limited to 'mod') diff --git a/mod/network.php b/mod/network.php index 2a3db597e..3df8a2105 100644 --- a/mod/network.php +++ b/mod/network.php @@ -364,8 +364,8 @@ function network_content(&$a, $update = 0) { if(x($_GET,'search')) { $search = escape_tags($_GET['search']); $sql_extra .= sprintf(" AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' ) ", - dbesc($search), - dbesc('\\]' . $search . '\\[') + dbesc(preg_quote($search)), + dbesc('\\]' . preg_quote($search) . '\\[') ); } diff --git a/mod/search.php b/mod/search.php index 0b58db5d1..3f98b607f 100644 --- a/mod/search.php +++ b/mod/search.php @@ -96,17 +96,10 @@ function search_content(&$a) { // Only public wall posts can be shown // OR your own posts if you are a logged in member - $escaped_search = str_replace(array('[',']'),array('\\[','\\]'),$search); - -// $s_bool = sprintf("AND MATCH (`item`.`body`) AGAINST ( '%s' IN BOOLEAN MODE )", dbesc($search)); $s_regx = sprintf("AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' )", - dbesc($escaped_search), dbesc('\\]' . $escaped_search . '\\[')); - -// if(mb_strlen($search) >= 3) -// $search_alg = $s_bool; -// else + dbesc(preg_quote($search)), dbesc('\\]' . preg_quote($search) . '\\[')); - $search_alg = $s_regx; + $search_alg = $s_regx; $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` -- cgit v1.2.3