summaryrefslogtreecommitdiffstats
path: root/web/lib/pkgfuncs.inc
diff options
context:
space:
mode:
Diffstat (limited to 'web/lib/pkgfuncs.inc')
-rw-r--r--web/lib/pkgfuncs.inc60
1 files changed, 25 insertions, 35 deletions
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index c8427ab8..2b6dd2be 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -38,14 +38,7 @@ function pkgLocations() {
function pkg_search_page($SID="") {
global $_REQUEST;
# SID: session id cookie
- # L: PackageLocations.ID
- # C: PackageCategories.ID
- # K: Keywords
- # SB: Sort by
- # M: search "my packages"
- # O: Row offset
- # PP: Per page
- # D: Direction to advance (Less/More)
+
$locs = pkgLocations();
$cats = pkgCategories();
$devs = getDevelopers();
@@ -56,6 +49,8 @@ function pkg_search_page($SID="") {
# determine paging variables
#
isset($_REQUEST["PP"]) ? $PP = intval($_REQUEST["PP"]) : $PP = 25;
+ if ($PP < 25) {$PP = 25;}
+ if ($PP > 100) {$PP = 100;}
isset($_REQUEST["O"]) ? $O = intval($_REQUEST["O"]) : $O = 0;
if (isset($_REQUEST["do_More"])) {
$O += $PP;
@@ -65,6 +60,11 @@ function pkg_search_page($SID="") {
if ($O < 0) {
$O = 0;
}
+ if (isset($_REQUEST["do_Search"]) || isset($_REQUEST["do_MyPackages"])) {
+ # reset the offset to zero if they hit Go/My Packages
+ #
+ $O = 0;
+ }
# grab info for user if they're logged in
@@ -76,16 +76,8 @@ function pkg_search_page($SID="") {
# The search form
#
- $K = str_replace("\"", "", $_REQUEST["K"]); # TODO better testing for
- # SQL trickery...
print "<form action='/pkgsearch.php' method='post'>\n";
print "<input type='hidden' name='O' value='".$O."'>\n";
- print "<input type='hidden' name='L' value='".$_REQUEST["L"]."'>\n";
- print "<input type='hidden' name='M' value='".$_REQUEST["M"]."'>\n";
- print "<input type='hidden' name='C' value='".$_REQUEST["C"]."'>\n";
- print "<input type='hidden' name='K' value='".$K."'>\n";
- print "<input type='hidden' name='SB' value='".$_REQUEST["SB"]."'>\n";
- print "<input type='hidden' name='PP' value='".$PP."'>\n";
print "<center>\n";
print "<table cellspacing='3' class='boxSoft'>\n";
@@ -105,7 +97,7 @@ function pkg_search_page($SID="") {
print " <select name='L'>\n";
print " <option value=0> ".__("Any")."\n";
while (list($id, $loc) = each($locs)) {
- if ($_REQUEST["L"] == $id) {
+ if (intval($_REQUEST["L"]) == $id) {
print " <option value=".$id." selected> ".$loc."\n";
} else {
print " <option value=".$id."> ".$loc."\n";
@@ -120,7 +112,7 @@ function pkg_search_page($SID="") {
print " <select name='C'>\n";
print " <option value=0> ".__("Any")."\n";
while (list($id, $cat) = each($cats)) {
- if ($_REQUEST["C"] == $id) {
+ if (intval($_REQUEST["C"]) == $id) {
print " <option value=".$id." selected> ".$cat."\n";
} else {
print " <option value=".$id."> ".$cat."\n";
@@ -133,6 +125,8 @@ function pkg_search_page($SID="") {
print " <span class='f5'><span class='blue'>".__("Keywords");
print "</span></span><br />\n";
print " <input type='text' name='K' size='35'";
+ $K = str_replace("\"", "", $_REQUEST["K"]); # TODO better testing for
+ # SQL trickery...
print " value=\"".stripslashes($K)."\" maxlength='35'>\n";
print "</td>\n";
@@ -198,16 +192,16 @@ function pkg_search_page($SID="") {
# $q.= "ON Packages.ID = PackageVotes.PackageID ";
$q = "SELECT * FROM Packages ";
$has_where = 0;
- if (isset($_REQUEST["L"]) && $_REQUEST["L"]) {
- $q.= "WHERE LocationID = ".mysql_escape_string($_REQUEST["L"])." ";
+ if (isset($_REQUEST["L"]) && intval($_REQUEST["L"])) {
+ $q.= "WHERE LocationID = ".intval($_REQUEST["L"])." ";
$has_where = 1;
}
- if (isset($_REQUEST["C"]) && $_REQUEST["C"]) {
+ if (isset($_REQUEST["C"]) && intval($_REQUEST["C"])) {
if (!$has_where) {
- $q.= "WHERE CategoryID = ".mysql_escape_string($_REQUEST["C"])." ";
+ $q.= "WHERE CategoryID = ".intval($_REQUEST["C"])." ";
$has_where = 1;
} else {
- $q.= "AND CategoryID = ".mysql_escape_string($_REQUEST["C"])." ";
+ $q.= "AND CategoryID = ".intval($_REQUEST["C"])." ";
}
}
if ($K) {
@@ -220,7 +214,7 @@ function pkg_search_page($SID="") {
$q.= "Description LIKE '%".mysql_escape_string($K)."%') ";
}
}
- if (isset($_REQUEST["M"]) && $_REQUEST["M"] && $SID) {
+ if (isset($_REQUEST["do_MyPackages"]) && $SID) {
if ($myuid) {
if (!$has_where) {
$q.= "WHERE MaintainerUID = ".$myuid." ";
@@ -231,22 +225,21 @@ function pkg_search_page($SID="") {
}
}
- switch (isset($_REQUEST["SB"])) {
+ switch ($_REQUEST["SB"]) {
case 'c':
- $q.= "ORDER BY CategoryID ASC, Name ASC, LocationID ASC ";
+ $q.= "ORDER BY CategoryID DESC, Name ASC, LocationID ASC ";
break;
case 'l':
- $q.= "ORDER BY LocationID ASC, Name ASC, CategoryID ASC ";
+ $q.= "ORDER BY LocationID ASC, Name ASC, CategoryID DESC ";
break;
case 'v':
- $q.= "ORDER BY NumVotes DESC, Name ASC, CategoryID ASC ";
+ $q.= "ORDER BY NumVotes DESC, Name ASC, CategoryID DESC ";
break;
default:
- $q.= "ORDER BY Name ASC, LocationID ASC, CategoryID ASC ";
+ $q.= "ORDER BY Name ASC, LocationID ASC, CategoryID DESC ";
break;
}
$q.= "LIMIT ".$O.", ".$PP;
-
print $q."<br />\n";
$result = db_query($q, $dbh);
@@ -257,13 +250,10 @@ function pkg_search_page($SID="") {
print __("No packages matched your search criteria.");
} else {
- # TODO need an "action" table in here like on /devel? It would
- # allow the visitor to flag packages out-of-date, vote, adopt/disown?
- # Probably need to think about the overall UI of this - the package
- # name will be a link that goes to 'details'. There should also be
- # a column for 'manage/edit'
if ($SID) {
+ # The 'Actions' table
+ #
print "<center>\n";
print "<table cellspacing='3' class='boxSoft'>\n";
print "<tr>\n";