source: branches/2.0/search.php @ 4966

Last change on this file since 4966 was 4752, checked in by plg, 14 years ago

bug 1401 fixed: let's use the mysql_real_escape_string on POST fields (even if
I was not able to reproduce any attack because fields are heavily processed
before any SQL query).

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
File size: 7.0 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24//--------------------------------------------------------------------- include
25define('PHPWG_ROOT_PATH','./');
26include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
27
28// +-----------------------------------------------------------------------+
29// | Check Access and exit when user status is not ok                      |
30// +-----------------------------------------------------------------------+
31check_status(ACCESS_GUEST);
32
33//------------------------------------------------------------------ form check
34$errors = array();
35$search = array();
36if (isset($_POST['submit']))
37{
38  foreach ($_POST as $post_key => $post_value)
39  {
40    if (!is_array($post_value))
41    {
42      $_POST[$post_key] = mysql_real_escape_string($post_value);
43    }
44  } 
45 
46  if (isset($_POST['search_allwords'])
47      and !preg_match('/^\s*$/', $_POST['search_allwords']))
48  {
49    $drop_char_match = array(
50      '-','^','$',';','#','&','(',')','<','>','`','\'','"','|',',','@','_',
51      '?','%','~','.','[',']','{','}',':','\\','/','=','\'','!','*');
52    $drop_char_replace = array(
53      ' ',' ',' ',' ',' ',' ',' ',' ',' ',' ','','',' ',' ',' ',' ','',' ',
54      ' ',' ',' ',' ',' ',' ',' ',' ','' ,' ',' ',' ',' ',' ');
55
56    // Split words
57    $search['fields']['allwords'] = array(
58      'words' => array_unique(
59        preg_split(
60          '/\s+/',
61          str_replace(
62            $drop_char_match,
63            $drop_char_replace,
64            $_POST['search_allwords']
65            )
66          )
67        ),
68      'mode' => $_POST['mode'],
69      );
70  }
71
72  if (isset($_POST['tags']))
73  {
74    check_input_parameter('tags', $_POST['tags'], true, PATTERN_ID);
75   
76    $search['fields']['tags'] = array(
77      'words' => $_POST['tags'],
78      'mode'  => $_POST['tag_mode'],
79      );
80  }
81
82  if ($_POST['search_author'])
83  {
84    $search['fields']['author'] = array(
85      'words' => preg_split(
86        '/\s+/',
87        $_POST['search_author']
88        ),
89      'mode' => 'OR',
90      );
91  }
92
93  if (isset($_POST['cat']))
94  {
95    check_input_parameter('cat', $_POST['cat'], true, PATTERN_ID);
96   
97    $search['fields']['cat'] = array(
98      'words'   => $_POST['cat'],
99      'sub_inc' => ($_POST['subcats-included'] == 1) ? true : false,
100      );
101  }
102
103  // dates
104  $type_date = $_POST['date_type'];
105
106  if (!empty($_POST['start_year']))
107  {
108    $search['fields'][$type_date.'-after'] = array(
109      'date' => join(
110        '-',
111        array(
112          $_POST['start_year'],
113          $_POST['start_month'] != 0 ? $_POST['start_month'] : '01',
114          $_POST['start_day']   != 0 ? $_POST['start_day']   : '01',
115          )
116        ),
117      'inc' => true,
118      );
119  }
120
121  if (!empty($_POST['end_year']))
122  {
123    $search['fields'][$type_date.'-before'] = array(
124      'date' => join(
125        '-',
126        array(
127          $_POST['end_year'],
128          $_POST['end_month'] != 0 ? $_POST['end_month'] : '12',
129          $_POST['end_day']   != 0 ? $_POST['end_day']   : '31',
130          )
131        ),
132      'inc' => true,
133      );
134  }
135
136  if (!empty($search))
137  {
138    // default search mode : each clause must be respected
139    $search['mode'] = 'AND';
140
141    // register search rules in database, then they will be available on
142    // thumbnails page and picture page.
143    $query ='
144INSERT INTO '.SEARCH_TABLE.'
145  (rules, last_seen)
146  VALUES
147  (\''.serialize($search).'\', NOW())
148;';
149    pwg_query($query);
150
151    $search_id = mysql_insert_id();
152  }
153  else
154  {
155    array_push($errors, l10n('search_one_clause_at_least'));
156  }
157}
158//----------------------------------------------------------------- redirection
159if (isset($_POST['submit']) and count($errors) == 0)
160{
161  redirect(
162    make_index_url(
163      array(
164        'section' => 'search',
165        'search'  => $search_id,
166        )
167      )
168    );
169}
170//----------------------------------------------------- template initialization
171
172//
173// Start output of page
174//
175$title= l10n('search_title');
176$page['body_id'] = 'theSearchPage';
177
178$template->set_filename('search' ,'search.tpl' );
179
180$month_list = $lang['month'];
181$month_list[0]='------------';
182ksort($month_list);
183
184$template->assign(
185  array(
186    'F_SEARCH_ACTION' => 'search.php',
187    'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=search',
188
189    'month_list' => $month_list,
190    'START_DAY_SELECTED' => @$_POST['start_day'],
191    'START_MONTH_SELECTED' => @$_POST['start_month'],
192    'END_DAY_SELECTED' => @$_POST['end_day'],
193    'END_MONTH_SELECTED' => @$_POST['end_month'],
194    )
195  );
196
197$available_tags = get_available_tags();
198
199if (count($available_tags) > 0)
200{
201  usort( $available_tags, 'tag_alpha_compare');
202
203  $template->assign(
204    'TAG_SELECTION',
205    get_html_tag_selection(
206        $available_tags,
207        'tags',
208        isset($_POST['tags']) ? $_POST['tags'] : array()
209        )
210    );
211}
212
213//------------------------------------------------------------- categories form
214$query = '
215SELECT id,name,global_rank,uppercats
216  FROM '.CATEGORIES_TABLE.'
217'.get_sql_condition_FandF
218  (
219    array
220      (
221        'forbidden_categories' => 'id',
222        'visible_categories' => 'id'
223      ),
224    'WHERE'
225  ).'
226;';
227display_select_cat_wrapper($query, array(), 'category_options', false);
228
229//-------------------------------------------------------------- errors display
230if (sizeof($errors) != 0)
231{
232  $template->assign('errors', $errors);
233}
234//------------------------------------------------------------ log informations
235include(PHPWG_ROOT_PATH.'include/page_header.php');
236$template->pparse('search');
237include(PHPWG_ROOT_PATH.'include/page_tail.php');
238?>
Note: See TracBrowser for help on using the repository browser.