Changeset 26825


Timestamp:
Jan 17, 2014, 1:50:14 PM (10 years ago)
Author:
plg
Message:

bug 3020 and bug 3021 fixed: additional checks in search inputs

Location:
trunk
Files:
3 edited

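--- a/trunk/include/functions_search.inc.php
+++ b/trunk/include/functions_search.inc.php
@@ -114,4 +114,10 @@
       );
 
+    // make sure the "mode" is either OR or AND
+    if ($search['fields']['allwords']['mode'] != 'AND' and $search['fields']['allwords']['mode'] != 'OR')
+    {
+      $search['fields']['allwords']['mode'] = 'AND';
+    }
+
     $clauses[] = "\n         ".
       implode(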
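Review bot: The allow-list check at new lines 117–120 compares with loose `!=` and reads `$search['fields']['allwords']['mode']` without confirming the key is set. A non-string value such as integer `0`, which loose comparison treats as equal to `'AND'` on the PHP versions current at this commit, would pass unchanged, and a missing key raises a notice. A strict membership test is tighter: `if (!isset($search['fields']['allwords']['mode']) or !in_array($search['fields']['allwords']['mode'], array('AND', 'OR'), true))`. The enclosing function starts and ends outside the hunk, so it is not visible whether the `mode` of other fields (such as tags) reaches the SQL text the same way; if it does, it presumably needs the same normalisation.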
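--- a/trunk/search.php
+++ b/trunk/search.php
@@ -48,4 +48,6 @@
       and !preg_match('/^\s*$/', $_POST['search_allwords']))
   {
+    check_input_parameter('mode', $_POST, false, '/^(OR|AND)$/');
+
     $drop_char_match = array(
       '-','^','$',';','#','&','(',')','<','>','`','\'','"','|',',','@','_',
@@ -74,4 +76,5 @@
   {
     check_input_parameter('tags', $_POST, true, PATTERN_ID);
+    check_input_parameter('tag_mode', $_POST, false, '/^(OR|AND)$/');
 
     $search['fields']['tags'] = array(
@@ -86,5 +89,5 @@
       'words' => preg_split(
         '/\s+/',
-        $_POST['search_author']
+        strip_tags($_POST['search_author'])
         ),
       'mode' => 'OR',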
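Review bot: The pattern `/^(OR|AND)$/` passed to check_input_parameter() at new lines 50 and 78 is not fully anchored: in PCRE a bare `$` also matches just before a trailing newline, so, assuming the helper runs the pattern through preg_match(), a value of `OR` followed by a line feed is accepted. Use `'/^(OR|AND)\z/'` or add the `D` modifier, `'/^(OR|AND)$/D'`. For `mode`, the exact-string check added in functions_search.inc.php still normalises such a value, but no equivalent second check for `tag_mode` is visible in this changeset. Both enclosing `if` blocks continue outside the hunks.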
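--- a/trunk/search_rules.php
+++ b/trunk/search_rules.php
@@ -108,5 +108,5 @@
       l10n(
         'author(s) : %s',
-        join(', ', $search['fields']['author']['words'])
+        join(', ', array_map('strip_tags', $search['fields']['author']['words']))
         )
       );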
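Review bot: `strip_tags` at new line 110 is used as the output encoder for the author words, but it only removes tag-shaped sequences and leaves `&`, quotes and an unpaired `<` in the string. Whether that is sufficient depends on the HTML context the l10n() result is rendered into, which is outside the hunk. Encoding each word at output with `htmlspecialchars($word, ENT_QUOTES, 'UTF-8')` is the conventional control and covers attribute contexts as well. The same function is also applied on input in search.php (new line 91), where it silently changes the term being searched; with proper output encoding here that input-side call would presumably not be needed. The l10n() call and its enclosing statement start before the hunk.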