-rw-r--r-- | web/lib/aurjson.class.php | 46 |
1 files changed, 37 insertions, 9 deletions
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 06247eb8..5794ebc3 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -18,9 +18,10 @@ include_once("aur.inc");
 **/
 class AurJSON {
 private $dbh = false;
- private $exposed_methods = array('search','info');
- private $fields = array('ID','Name','Version','CategoryID','Description',
- 'LocationID', 'URL','URLPath','License','NumVotes','OutOfDate');
+ private $exposed_methods = array('search','info','msearch');
+ private $fields = array('Packages.ID','Name','Version','CategoryID',
+ 'Description', 'LocationID', 'URL','URLPath','License','NumVotes',
+ 'OutOfDate');
 /**
 * Handles post data, and routes the request.
@@ -95,10 +96,9 @@ class AurJSON {
 $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
 $query = "SELECT " . implode(',', $this->fields) .
- " FROM Packages WHERE DummyPkg=0 AND ";
- $query .= sprintf("( Name LIKE '%%%s%%' OR Description LIKE '%%%s%%' )",
- $keyword_string, $keyword_string);
-
+ " FROM Packages WHERE DummyPkg=0 AND " .
+ " ( Name LIKE '%{$keyword_string}%' OR " .
+ " Description LIKE '%{$keyword_string}%' )";
 $result = db_query($query, $this->dbh);
 if ( $result && (mysql_num_rows($result) > 0) ) {
@@ -128,13 +128,13 @@ class AurJSON {
 // just using sprintf to coerce the pqd to an int
 // should handle sql injection issues, since sprintf will
 // bork if not an int, or convert the string to a number 0
- $query_stub = sprintf("ID=%d",$pqdata);
+ $query_stub = "ID={$pqdata}";
 }
 else {
 if(get_magic_quotes_gpc()) {
 $pqdata = stripslashes($pqdata);
 }
- $query_stub = sprintf("Name=\"%s\"",
+ $query_stub = printf("Name=\"%s\"",
 mysql_real_escape_string($pqdata));
 }
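Review bot: In the `@@ -95,10 +96,9 @@` hunk the keyword is placed between `%` wildcards after `mysql_real_escape_string()`, which does not escape the LIKE metacharacters `%` and `_`, so a keyword consisting of wildcards matches every non-dummy package and forces a full scan. Consider neutralising them before the SQL escape, e.g. `$keyword_string = addcslashes($keyword_string, '%_');`, and enforcing a minimum keyword length if the part of the function outside this hunk does not already do so.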
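Review bot: In the `@@ -128,13 +128,13 @@` hunk the name branch now assigns `printf(...)` to `$query_stub`; printf() writes the formatted string to the response and returns its length, so the stub becomes an integer and the escaped name is echoed into the output. Restore `$query_stub = sprintf("Name=\"%s\"", mysql_real_escape_string($pqdata, $this->dbh));`. The ID branch also drops the `%d` coercion that the comment directly above it still names as the SQL-injection defence, so `$pqdata` is now interpolated as-is. The branch condition lies outside the hunk, so unless it strictly guarantees an integer, keep `$query_stub = sprintf("ID=%d", $pqdata);` or cast with `intval()`, and update the comment to match whichever guard remains. The enclosing function starts and ends outside the hunk.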
@@ -158,5 +158,33 @@ class AurJSON {
 return $this->json_error('No result found');
 }
 }
+
+ /**
+ * Returns all the packages for a specific maintainer.
+ * @param $maintainer The name of the maintainer.
+ * @return mixed Returns an array of value data containing the package data
+ **/
+ private function msearch($maintainer) {
+ $maintainer = mysql_real_escape_string($maintainer, $this->dbh);
+ $fields = implode(',', $this->fields);
+
+ $query = "SELECT Users.Username as Maintainer, {$fields} " .
+ " FROM Packages, Users " .
+ " WHERE Packages.MaintainerUID = Users.ID AND " .
+ " Users.Username = '{$maintainer}'";
+ $result = db_query($query, $this->dbh);
+
+ if ( $result && (mysql_num_rows($result) > 0) ) {
+ $packages = array();
+ while ( $row = mysql_fetch_assoc($result) ) {
+ array_push($packages, $row);
+ }
+ mysql_free_result($result);
+ return $this->json_results('msearch', $packages);
+ }
+ else {
+ return $this->json_error('No results found');
+ }
+ }
 } |
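Review bot: `msearch()` passes `$maintainer` straight to `mysql_real_escape_string()` without the `get_magic_quotes_gpc()`/`stripslashes()` step that the name lookup in the `@@ -128,13 +128,13 @@` hunk applies, so with magic quotes enabled a username containing a quote or backslash would be escaped twice and never match, unless the request handler (not visible here) already normalises input. Only `Packages.ID` is table-qualified in `$this->fields`; the remaining columns are selected unqualified from the `Packages, Users` join, which fails as ambiguous if Users ever carries a column of the same name, so qualifying every field would be safer. The query has no `LIMIT`, so the response size is bounded only by how many packages one maintainer owns. The docblock could also state the type, e.g. `@param string $maintainer`.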