Diffstat (limited to 'web/lib')
-rw-r--r-- | web/lib/acctfuncs.inc | 1 | ||||
-rw-r--r-- | web/lib/pkgfuncs.inc (renamed from web/lib/pkgs.inc) | 70 |
2 files changed, 38 insertions, 33 deletions
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index 9cd7fab2..d27b96f4 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -464,6 +464,7 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", } $search_vars[] = "SB"; $q.= "LIMIT ". $OFFSET . ", " . $HITS_PER_PAGE; + $result = db_query($q, $dbh); if (!$result) { print __("No results matched your search criteria."); diff --git a/web/lib/pkgs.inc b/web/lib/pkgfuncs.inc index 9fd70cbf..c8427ab8 100644 --- a/web/lib/pkgs.inc +++ b/web/lib/pkgfuncs.inc @@ -1,5 +1,5 @@ <? -include_once("pkgs_po.inc"); +include_once("pkgfuncs_po.inc"); # grab the current list of PackageCategories # @@ -35,8 +35,8 @@ function pkgLocations() { # display the search form in a boxSoft style # -function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25, - $D="") { +function pkg_search_page($SID="") { + global $_REQUEST; # SID: session id cookie # L: PackageLocations.ID # C: PackageCategories.ID @@ -53,16 +53,20 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25, $dbh = db_connect(); - if (!$PP) {$PP = 25;} - if ($O) { - $OFFSET = intval($O); - } else { - $OFFSET = 0; + # determine paging variables + # + isset($_REQUEST["PP"]) ? $PP = intval($_REQUEST["PP"]) : $PP = 25; + isset($_REQUEST["O"]) ? $O = intval($_REQUEST["O"]) : $O = 0; + if (isset($_REQUEST["do_More"])) { + $O += $PP; + } elseif (isset($_REQUEST["do_Less"])) { + $O -= $PP; } - if ($OFFSET < 0) { - $OFFSET = 0; + if ($O < 0) { + $O = 0; } + # grab info for user if they're logged in # if ($SID) { 
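Review bot: The parameter comment block kept under the new one-argument signature (`# L: PackageLocations.ID`, `# C: PackageCategories.ID`, …) now describes arguments that pkg_search_page no longer takes; it should state where they come from instead, e.g. `# L, C, K, SB, M, O and PP are read from $_REQUEST, not passed in`. `global $_REQUEST;` is redundant, since $_REQUEST is a superglobal and is visible inside functions without it. Any caller that still passes the old positional arguments now has them silently ignored, which is worth checking outside this diff. The function body continues past the hunk.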
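Review bot: The new `$PP` line drops the `if (!$PP) {$PP = 25;}` guard this hunk removes, so `PP=0` (or any non-numeric value, which intval() maps to 0) now produces `LIMIT $O, 0` and an empty page, and a negative PP gives an invalid LIMIT and makes do_More page backwards via `$O += $PP`. Add `if ($PP <= 0) { $PP = 25; }` after the assignment, and consider an upper bound so a single request cannot ask for the whole Packages table as one page. Stylistically, `$PP = isset($_REQUEST["PP"]) ? intval($_REQUEST["PP"]) : 25;` reads better than assigning inside both branches of the ternary. The enclosing function starts before and continues after this hunk.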
@@ -72,15 +76,15 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25, # The search form # - print "SID=$SID, L=$L, C=$C, K=$K, SB=$SB, M=$M, O=$O, PP=$PP<br />\n"; - + $K = str_replace("\"", "", $_REQUEST["K"]); # TODO better testing for + # SQL trickery... print "<form action='/pkgsearch.php' method='post'>\n"; - print "<input type='hidden' name='O' value='".($OFFSET+intval($PP))."'>\n"; - print "<input type='hidden' name='L' value='".$L."'>\n"; - print "<input type='hidden' name='M' value='".$M."'>\n"; - print "<input type='hidden' name='C' value='".$C."'>\n"; + print "<input type='hidden' name='O' value='".$O."'>\n"; + print "<input type='hidden' name='L' value='".$_REQUEST["L"]."'>\n"; + print "<input type='hidden' name='M' value='".$_REQUEST["M"]."'>\n"; + print "<input type='hidden' name='C' value='".$_REQUEST["C"]."'>\n"; print "<input type='hidden' name='K' value='".$K."'>\n"; - print "<input type='hidden' name='SB' value='".$SB."'>\n"; + print "<input type='hidden' name='SB' value='".$_REQUEST["SB"]."'>\n"; print "<input type='hidden' name='PP' value='".$PP."'>\n"; print "<center>\n"; @@ -101,7 +105,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25, print " <select name='L'>\n"; print " <option value=0> ".__("Any")."\n"; while (list($id, $loc) = each($locs)) { - if ($L == $id) { + if ($_REQUEST["L"] == $id) { print " <option value=".$id." selected> ".$loc."\n"; } else { print " <option value=".$id."> ".$loc."\n"; @@ -116,7 +120,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25, print " <select name='C'>\n"; print " <option value=0> ".__("Any")."\n"; while (list($id, $cat) = each($cats)) { - if ($C == $id) { + if ($_REQUEST["C"] == $id) { print " <option value=".$id." selected> ".$cat."\n"; } else { print " <option value=".$id."> ".$cat."\n"; 
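Review bot: The hidden-input lines write `$_REQUEST["L"]`, `["M"]`, `["C"]`, `["SB"]` and `$K` straight into single-quoted HTML attributes, and the only sanitising is `str_replace("\"", "", ...)` on `$K`, which removes the one character that cannot break a single-quoted attribute; a `'` in any of these request values closes the attribute, so the search form reflects attacker-controlled markup. Wrap every echoed request value in `htmlspecialchars(..., ENT_QUOTES)`: that, not quote stripping, is the control that belongs here, and SQL is handled separately where `$K` goes through mysql_escape_string in a later hunk. `$_REQUEST["K"]` is also read without an isset() check, which raises a notice on a plain GET of the form. With the escaping in place the `# TODO better testing for SQL trickery` comment can go.
```php
$K = isset($_REQUEST["K"]) ? str_replace("\"", "", $_REQUEST["K"]) : "";
print "<form action='/pkgsearch.php' method='post'>\n";
print "<input type='hidden' name='O' value='".$O."'>\n";
foreach (array("L", "M", "C", "SB") as $name) {
	$val = isset($_REQUEST[$name]) ? $_REQUEST[$name] : "";
	print "<input type='hidden' name='".$name."' value='".htmlspecialchars($val, ENT_QUOTES)."'>\n";
}
print "<input type='hidden' name='K' value='".htmlspecialchars($K, ENT_QUOTES)."'>\n";
print "<input type='hidden' name='PP' value='".$PP."'>\n";
# … unchanged: rest of the form …
```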
@@ -129,7 +133,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25, print " <span class='f5'><span class='blue'>".__("Keywords"); print "</span></span><br />\n"; print " <input type='text' name='K' size='35'"; - print " value='".$K."' maxlength='35'>\n"; + print " value=\"".stripslashes($K)."\" maxlength='35'>\n"; print "</td>\n"; print "<td align='right'>\n"; @@ -137,16 +141,16 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25, print "</span></span><br />\n"; print " <select name='SB'>\n"; print " <option value=n"; - $SB == "n" ? print " selected> " : print "> "; + $_REQUEST["SB"] == "n" ? print " selected> " : print "> "; print __("Name")."\n"; print " <option value=c"; - $SB == "c" ? print " selected> " : print "> "; + $_REQUEST["SB"] == "c" ? print " selected> " : print "> "; print __("Category")."\n"; print " <option value=l"; - $SB == "l" ? print " selected> " : print "> "; + $_REQUEST["SB"] == "l" ? print " selected> " : print "> "; print __("Location")."\n"; print " <option value=v"; - $SB == "v" ? print " selected> " : print "> "; + $_REQUEST["SB"] == "v" ? print " selected> " : print "> "; print __("Votes")."\n"; print " </select>\n"; print "</td>\n"; @@ -194,16 +198,16 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25, # $q.= "ON Packages.ID = PackageVotes.PackageID "; $q = "SELECT * FROM Packages "; $has_where = 0; - if ($L) { - $q.= "WHERE LocationID = ".intval($L)." "; + if (isset($_REQUEST["L"]) && $_REQUEST["L"]) { + $q.= "WHERE LocationID = ".mysql_escape_string($_REQUEST["L"])." "; $has_where = 1; } - if ($C) { + if (isset($_REQUEST["C"]) && $_REQUEST["C"]) { if (!$has_where) { - $q.= "WHERE CategoryID = ".intval($C)." "; + $q.= "WHERE CategoryID = ".mysql_escape_string($_REQUEST["C"])." "; $has_where = 1; } else { - $q.= "AND CategoryID = ".intval($C)." "; + $q.= "AND CategoryID = ".mysql_escape_string($_REQUEST["C"])." "; } } if ($K) { 
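Review bot: Replacing `intval($L)` / `intval($C)` with `mysql_escape_string($_REQUEST["L"])` and `mysql_escape_string($_REQUEST["C"])` in the `LocationID =` and both `CategoryID =` lines introduces SQL injection: the value is interpolated without quotes, and mysql_escape_string only escapes quote, backslash and NUL characters, so a value such as `1 OR 1=1` reaches the query untouched. Both columns are integer IDs, so restore the cast: `$q.= "WHERE LocationID = ".intval($_REQUEST["L"])." ";` and likewise for the two CategoryID lines. Escaping is the wrong tool for a numeric predicate regardless of which escape function is used; where string values like `$K` are escaped, mysql_real_escape_string (connection-aware) is preferable to mysql_escape_string. The full query is later printed to the page (`print $q."<br />\n";` in a following hunk), which makes any injection trivially observable to the sender.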
@@ -216,7 +220,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25, $q.= "Description LIKE '%".mysql_escape_string($K)."%') "; } } - if ($M && $SID) { + if (isset($_REQUEST["M"]) && $_REQUEST["M"] && $SID) { if ($myuid) { if (!$has_where) { $q.= "WHERE MaintainerUID = ".$myuid." "; @@ -227,7 +231,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25, } } - switch ($SB) { + switch (isset($_REQUEST["SB"])) { case 'c': $q.= "ORDER BY CategoryID ASC, Name ASC, LocationID ASC "; break; @@ -241,13 +245,13 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25, $q.= "ORDER BY Name ASC, LocationID ASC, CategoryID ASC "; break; } - $q.= "LIMIT ".$OFFSET.", ".intval($PP); + $q.= "LIMIT ".$O.", ".$PP; print $q."<br />\n"; $result = db_query($q, $dbh); if (!$result) { - print __("No packages matched your search criteria."); + print __("Error retrieving package list."); } elseif (!mysql_num_rows($result)) { print __("No packages matched your search criteria."); |
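Review bot: `switch (isset($_REQUEST["SB"]))` switches on a boolean rather than on the sort key: whenever SB is present, PHP's loose comparison makes `true == 'c'` succeed and the first `case 'c':` (ORDER BY CategoryID) is taken whatever the user selected, and when SB is absent no string case can match. The intent is presumably `switch (isset($_REQUEST["SB"]) ? $_REQUEST["SB"] : "") {`, which keeps the fixed ORDER BY strings inside the cases so the raw SB value never reaches the SQL text. The remaining cases and the default branch of this switch lie outside the hunk.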