Diffstat (limited to 'web/lib')
-rw-r--r--web/lib/acctfuncs.inc1
-rw-r--r--web/lib/pkgfuncs.inc (renamed from web/lib/pkgs.inc)70
2 files changed, 38 insertions, 33 deletions
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
index 9cd7fab2..d27b96f4 100644
--- a/web/lib/acctfuncs.inc
+++ b/web/lib/acctfuncs.inc
@@ -464,6 +464,7 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
}
$search_vars[] = "SB";
$q.= "LIMIT ". $OFFSET . ", " . $HITS_PER_PAGE;
+
$result = db_query($q, $dbh);
if (!$result) {
print __("No results matched your search criteria.");
diff --git a/web/lib/pkgs.inc b/web/lib/pkgfuncs.inc
index 9fd70cbf..c8427ab8 100644
--- a/web/lib/pkgs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -1,5 +1,5 @@
<?
-include_once("pkgs_po.inc");
+include_once("pkgfuncs_po.inc");
# grab the current list of PackageCategories
#
@@ -35,8 +35,8 @@ function pkgLocations() {
# display the search form in a boxSoft style
#
-function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
- $D="") {
+function pkg_search_page($SID="") {
+ global $_REQUEST;
# SID: session id cookie
# L: PackageLocations.ID
# C: PackageCategories.ID
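Review bot: The comment block under the new signature still lists L, C, K, SB, M, O and PP as parameters even though only $SID remains; it should state where those inputs now come from, e.g. `# Remaining search inputs (L, C, K, SB, M, O, PP) are read from $_REQUEST`. `global $_REQUEST;` is redundant, since $_REQUEST is a superglobal that is visible inside functions without a global declaration. The body of pkg_search_page continues beyond the hunk.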
@@ -53,16 +53,20 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
$dbh = db_connect();
- if (!$PP) {$PP = 25;}
- if ($O) {
- $OFFSET = intval($O);
- } else {
- $OFFSET = 0;
+ # determine paging variables
+ #
+ isset($_REQUEST["PP"]) ? $PP = intval($_REQUEST["PP"]) : $PP = 25;
+ isset($_REQUEST["O"]) ? $O = intval($_REQUEST["O"]) : $O = 0;
+ if (isset($_REQUEST["do_More"])) {
+ $O += $PP;
+ } elseif (isset($_REQUEST["do_Less"])) {
+ $O -= $PP;
}
- if ($OFFSET < 0) {
- $OFFSET = 0;
+ if ($O < 0) {
+ $O = 0;
}
+
# grab info for user if they're logged in
#
if ($SID) {
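Review bot: The removed `if (!$PP) {$PP = 25;}` guard has no replacement, so a request with PP=0 or a negative PP now reaches the LIMIT clause unchecked (built in a later hunk as `"LIMIT ".$O.", ".$PP`). Assign the result of the ternary and add a floor: `$PP = isset($_REQUEST["PP"]) ? intval($_REQUEST["PP"]) : 25;` followed by `if ($PP <= 0) { $PP = 25; }`. Using the ternary only for its assignment side effects (`? $PP = ... : $PP = ...`) is also harder to read than assigning its value; the `$O` line would benefit from the same shape. The function continues outside the hunk.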
@@ -72,15 +76,15 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
# The search form
#
- print "SID=$SID, L=$L, C=$C, K=$K, SB=$SB, M=$M, O=$O, PP=$PP<br />\n";
-
+ $K = str_replace("\"", "", $_REQUEST["K"]); # TODO better testing for
+ # SQL trickery...
print "<form action='/pkgsearch.php' method='post'>\n";
- print "<input type='hidden' name='O' value='".($OFFSET+intval($PP))."'>\n";
- print "<input type='hidden' name='L' value='".$L."'>\n";
- print "<input type='hidden' name='M' value='".$M."'>\n";
- print "<input type='hidden' name='C' value='".$C."'>\n";
+ print "<input type='hidden' name='O' value='".$O."'>\n";
+ print "<input type='hidden' name='L' value='".$_REQUEST["L"]."'>\n";
+ print "<input type='hidden' name='M' value='".$_REQUEST["M"]."'>\n";
+ print "<input type='hidden' name='C' value='".$_REQUEST["C"]."'>\n";
print "<input type='hidden' name='K' value='".$K."'>\n";
- print "<input type='hidden' name='SB' value='".$SB."'>\n";
+ print "<input type='hidden' name='SB' value='".$_REQUEST["SB"]."'>\n";
print "<input type='hidden' name='PP' value='".$PP."'>\n";
print "<center>\n";
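Review bot: The new hidden-input lines print `$_REQUEST["L"]`, `$_REQUEST["M"]`, `$_REQUEST["C"]` and `$_REQUEST["SB"]` unescaped into single-quoted attribute values, so a request value containing a single quote or `>` changes the markup of the reflected page; the `$K` line has the same shape, since only double quotes are stripped from it. Escape at the point of output, e.g. `print "<input type='hidden' name='L' value='".htmlspecialchars($_REQUEST["L"], ENT_QUOTES)."'>\n";`, and apply the same to the M, C, SB and K lines (and to the keyword text box in the later hunk, where stripslashes alone does not escape markup). Indexes absent from the request also raise undefined-index notices here and in the later select/option comparisons for L, C and SB; reading each into a local with a default once near the top of the function would avoid repeating isset checks. The function continues outside the hunk.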
@@ -101,7 +105,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
print " <select name='L'>\n";
print " <option value=0> ".__("Any")."\n";
while (list($id, $loc) = each($locs)) {
- if ($L == $id) {
+ if ($_REQUEST["L"] == $id) {
print " <option value=".$id." selected> ".$loc."\n";
} else {
print " <option value=".$id."> ".$loc."\n";
@@ -116,7 +120,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
print " <select name='C'>\n";
print " <option value=0> ".__("Any")."\n";
while (list($id, $cat) = each($cats)) {
- if ($C == $id) {
+ if ($_REQUEST["C"] == $id) {
print " <option value=".$id." selected> ".$cat."\n";
} else {
print " <option value=".$id."> ".$cat."\n";
@@ -129,7 +133,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
print " <span class='f5'><span class='blue'>".__("Keywords");
print "</span></span><br />\n";
print " <input type='text' name='K' size='35'";
- print " value='".$K."' maxlength='35'>\n";
+ print " value=\"".stripslashes($K)."\" maxlength='35'>\n";
print "</td>\n";
print "<td align='right'>\n";
@@ -137,16 +141,16 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
print "</span></span><br />\n";
print " <select name='SB'>\n";
print " <option value=n";
- $SB == "n" ? print " selected> " : print "> ";
+ $_REQUEST["SB"] == "n" ? print " selected> " : print "> ";
print __("Name")."\n";
print " <option value=c";
- $SB == "c" ? print " selected> " : print "> ";
+ $_REQUEST["SB"] == "c" ? print " selected> " : print "> ";
print __("Category")."\n";
print " <option value=l";
- $SB == "l" ? print " selected> " : print "> ";
+ $_REQUEST["SB"] == "l" ? print " selected> " : print "> ";
print __("Location")."\n";
print " <option value=v";
- $SB == "v" ? print " selected> " : print "> ";
+ $_REQUEST["SB"] == "v" ? print " selected> " : print "> ";
print __("Votes")."\n";
print " </select>\n";
print "</td>\n";
@@ -194,16 +198,16 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
# $q.= "ON Packages.ID = PackageVotes.PackageID ";
$q = "SELECT * FROM Packages ";
$has_where = 0;
- if ($L) {
- $q.= "WHERE LocationID = ".intval($L)." ";
+ if (isset($_REQUEST["L"]) && $_REQUEST["L"]) {
+ $q.= "WHERE LocationID = ".mysql_escape_string($_REQUEST["L"])." ";
$has_where = 1;
}
- if ($C) {
+ if (isset($_REQUEST["C"]) && $_REQUEST["C"]) {
if (!$has_where) {
- $q.= "WHERE CategoryID = ".intval($C)." ";
+ $q.= "WHERE CategoryID = ".mysql_escape_string($_REQUEST["C"])." ";
$has_where = 1;
} else {
- $q.= "AND CategoryID = ".intval($C)." ";
+ $q.= "AND CategoryID = ".mysql_escape_string($_REQUEST["C"])." ";
}
}
if ($K) {
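Review bot: Replacing intval() with mysql_escape_string() on the LocationID and CategoryID lines weakens the query: the values are interpolated into the SQL without quotes, and mysql_escape_string only escapes quote and backslash characters, so a non-numeric request value reaches the database unchanged, whereas the removed intval() reduced it to an integer. Keep the integer cast: `$q.= "WHERE LocationID = ".intval($_REQUEST["L"])." ";` and likewise `intval($_REQUEST["C"])` on both CategoryID lines. The `$K` branch that begins on the last line of the hunk continues outside it.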
@@ -216,7 +220,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
$q.= "Description LIKE '%".mysql_escape_string($K)."%') ";
}
}
- if ($M && $SID) {
+ if (isset($_REQUEST["M"]) && $_REQUEST["M"] && $SID) {
if ($myuid) {
if (!$has_where) {
$q.= "WHERE MaintainerUID = ".$myuid." ";
@@ -227,7 +231,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
}
}
- switch ($SB) {
+ switch (isset($_REQUEST["SB"])) {
case 'c':
$q.= "ORDER BY CategoryID ASC, Name ASC, LocationID ASC ";
break;
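Review bot: `switch (isset($_REQUEST["SB"]))` switches on a boolean rather than on the sort key, so `case 'c'` and the cases that follow compare true/false against a string; under PHP's loose switch comparison a present SB value appears to match the first case whatever its content, and an absent one falls through to the default. Switch on the value with a fallback instead: `switch (isset($_REQUEST["SB"]) ? $_REQUEST["SB"] : "") {`. The remaining cases of this switch are outside the hunk.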
@@ -241,13 +245,13 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
$q.= "ORDER BY Name ASC, LocationID ASC, CategoryID ASC ";
break;
}
- $q.= "LIMIT ".$OFFSET.", ".intval($PP);
+ $q.= "LIMIT ".$O.", ".$PP;
print $q."<br />\n";
$result = db_query($q, $dbh);
if (!$result) {
- print __("No packages matched your search criteria.");
+ print __("Error retrieving package list.");
} elseif (!mysql_num_rows($result)) {
print __("No packages matched your search criteria.");