Changeset 27933


Ignore:
Timestamp:
03/25/14 13:53:10 (5 years ago)
Author:
plg
Message:

merge r26825 from trunk to branch 2.5

bug 3020 and bug 3021 fixed: additionnal checks in search inputs

Location:
branches/2.5
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/2.5/include/functions_search.inc.php

    r19703 r27933  
    118118      ); 
    119119 
    120     array_push( 
    121       $clauses, 
    122       "\n         ". 
     120    // make sure the "mode" is either OR or AND 
     121    if ($search['fields']['allwords']['mode'] != 'AND' and $search['fields']['allwords']['mode'] != 'OR') 
     122    { 
     123      $search['fields']['allwords']['mode'] = 'AND'; 
     124    } 
     125 
     126    $clauses[] = "\n         ". 
    123127      implode( 
    124128        "\n         ". 
  • branches/2.5/search.php

    r20609 r27933  
    4848      and !preg_match('/^\s*$/', $_POST['search_allwords'])) 
    4949  { 
     50    check_input_parameter('mode', $_POST, false, '/^(OR|AND)$/'); 
     51     
    5052    $drop_char_match = array( 
    5153      '-','^','$',';','#','&','(',')','<','>','`','\'','"','|',',','@','_', 
     
    7476  { 
    7577    check_input_parameter('tags', $_POST, true, PATTERN_ID); 
     78    check_input_parameter('tag_mode', $_POST, false, '/^(OR|AND)$/'); 
    7679     
    7780    $search['fields']['tags'] = array( 
     
    8689      'words' => preg_split( 
    8790        '/\s+/', 
    88         $_POST['search_author'] 
     91        strip_tags($_POST['search_author']) 
    8992        ), 
    9093      'mode' => 'OR', 
  • branches/2.5/search_rules.php

    r19703 r27933  
    107107     sprintf( 
    108108          l10n('author(s) : %s'), 
    109           join(', ', $search['fields']['author']['words']) 
     109          join(', ', array_map('strip_tags', $search['fields']['author']['words'])) 
    110110        ) 
    111111      ); 
Note: See TracChangeset for help on using the changeset viewer.