Diffstat (limited to 'web/lib')
-rw-r--r-- | web/lib/pkgfuncs.inc | 60 |
1 files changed, 25 insertions, 35 deletions
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index c8427ab8..2b6dd2be 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -38,14 +38,7 @@ function pkgLocations() {
 function pkg_search_page($SID="") {
 global $_REQUEST;
 # SID: session id cookie
- # L: PackageLocations.ID
- # C: PackageCategories.ID
- # K: Keywords
- # SB: Sort by
- # M: search "my packages"
- # O: Row offset
- # PP: Per page
- # D: Direction to advance (Less/More)
+
 $locs = pkgLocations();
 $cats = pkgCategories();
 $devs = getDevelopers();
@@ -56,6 +49,8 @@ function pkg_search_page($SID="") {
 # determine paging variables
 #
 isset($_REQUEST["PP"]) ? $PP = intval($_REQUEST["PP"]) : $PP = 25;
+ if ($PP < 25) {$PP = 25;}
+ if ($PP > 100) {$PP = 100;}
 isset($_REQUEST["O"]) ? $O = intval($_REQUEST["O"]) : $O = 0;
 if (isset($_REQUEST["do_More"])) {
 $O += $PP;
@@ -65,6 +60,11 @@ function pkg_search_page($SID="") {
 if ($O < 0) {
 $O = 0;
 }
+ if (isset($_REQUEST["do_Search"]) || isset($_REQUEST["do_MyPackages"])) {
+ # reset the offset to zero if they hit Go/My Packages
+ #
+ $O = 0;
+ }
 # grab info for user if they're logged in
@@ -76,16 +76,8 @@ function pkg_search_page($SID="") {
 # The search form
 #
- $K = str_replace("\"", "", $_REQUEST["K"]); # TODO better testing for
- # SQL trickery...
 print "<form action='/pkgsearch.php' method='post'>\n";
 print "<input type='hidden' name='O' value='".$O."'>\n";
- print "<input type='hidden' name='L' value='".$_REQUEST["L"]."'>\n";
- print "<input type='hidden' name='M' value='".$_REQUEST["M"]."'>\n";
- print "<input type='hidden' name='C' value='".$_REQUEST["C"]."'>\n";
- print "<input type='hidden' name='K' value='".$K."'>\n";
- print "<input type='hidden' name='SB' value='".$_REQUEST["SB"]."'>\n";
- print "<input type='hidden' name='PP' value='".$PP."'>\n";
 print "<center>\n";
 print "<table cellspacing='3' class='boxSoft'>\n";
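Review bot: The new clamp lines `if ($PP < 25) {$PP = 25;}` / `if ($PP > 100) {$PP = 100;}` in the @@ -56 hunk are bolted onto a ternary that is used as a statement with an assignment in each branch, which reads awkwardly and obscures that the page size comes straight from the request before it is appended to `LIMIT`. A plain assignment plus one bounding expression says the same thing and keeps the limits visible: `$PP = isset($_REQUEST["PP"]) ? intval($_REQUEST["PP"]) : 25;` followed by `$PP = max(25, min(100, $PP));`. If a per-page selector is rendered somewhere outside this hunk, the 25/100 bounds should come from one shared constant so the two cannot drift apart. pkg_search_page continues past the end of the hunk.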
@@ -105,7 +97,7 @@ function pkg_search_page($SID="") {
 print " <select name='L'>\n";
 print " <option value=0> ".__("Any")."\n";
 while (list($id, $loc) = each($locs)) {
- if ($_REQUEST["L"] == $id) {
+ if (intval($_REQUEST["L"]) == $id) {
 print " <option value=".$id." selected> ".$loc."\n";
 } else {
 print " <option value=".$id."> ".$loc."\n";
@@ -120,7 +112,7 @@ function pkg_search_page($SID="") {
 print " <select name='C'>\n";
 print " <option value=0> ".__("Any")."\n";
 while (list($id, $cat) = each($cats)) {
- if ($_REQUEST["C"] == $id) {
+ if (intval($_REQUEST["C"]) == $id) {
 print " <option value=".$id." selected> ".$cat."\n";
 } else {
 print " <option value=".$id."> ".$cat."\n";
@@ -133,6 +125,8 @@ function pkg_search_page($SID="") {
 print " <span class='f5'><span class='blue'>".__("Keywords");
 print "</span></span><br />\n";
 print " <input type='text' name='K' size='35'";
+ $K = str_replace("\"", "", $_REQUEST["K"]); # TODO better testing for
+ # SQL trickery...
 print " value=\"".stripslashes($K)."\" maxlength='35'>\n";
 print "</td>\n";
@@ -198,16 +192,16 @@ function pkg_search_page($SID="") {
 # $q.= "ON Packages.ID = PackageVotes.PackageID ";
 $q = "SELECT * FROM Packages ";
 $has_where = 0;
- if (isset($_REQUEST["L"]) && $_REQUEST["L"]) {
- $q.= "WHERE LocationID = ".mysql_escape_string($_REQUEST["L"])." ";
+ if (isset($_REQUEST["L"]) && intval($_REQUEST["L"])) {
+ $q.= "WHERE LocationID = ".intval($_REQUEST["L"])." ";
 $has_where = 1;
 }
- if (isset($_REQUEST["C"]) && $_REQUEST["C"]) {
+ if (isset($_REQUEST["C"]) && intval($_REQUEST["C"])) {
 if (!$has_where) {
- $q.= "WHERE CategoryID = ".mysql_escape_string($_REQUEST["C"])." ";
+ $q.= "WHERE CategoryID = ".intval($_REQUEST["C"])." ";
 $has_where = 1;
 } else {
- $q.= "AND CategoryID = ".mysql_escape_string($_REQUEST["C"])." ";
+ $q.= "AND CategoryID = ".intval($_REQUEST["C"])." ";
 }
 }
 if ($K) {
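Review bot: `intval($_REQUEST["L"])` on the new line in the @@ -105 hunk still reads the index unconditionally, so a request that carries no `L` at all (the first visit to the form) trips an undefined-index notice, where notices are enabled, before the value is coerced; the same applies to `intval($_REQUEST["C"])` in the @@ -120 hunk. Computing the selected id once above each loop keeps the guard and the coercion in one place: `$sel_loc = isset($_REQUEST["L"]) ? intval($_REQUEST["L"]) : 0;` and then `if ($sel_loc == $id) {`. Both while loops start and end outside their hunks.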
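Review bot: The re-added `$K = str_replace("\"", "", $_REQUEST["K"]);` in the @@ -133 hunk is echoed into an HTML attribute on the very next line through `stripslashes($K)` alone; stripping double quotes keeps the attribute delimited, but every other character of the submitted keyword is reflected into the page verbatim, and the line still reads `$_REQUEST["K"]` without an `isset` guard. Escape at the output point and default the input: `$K = isset($_REQUEST["K"]) ? str_replace("\"", "", $_REQUEST["K"]) : "";` and `print " value=\"".htmlspecialchars(stripslashes($K), ENT_QUOTES)."\" maxlength='35'>\n";`. The "SQL trickery" TODO is also misleading here, because `$K` reaches the query through `mysql_escape_string` in the @@ -220 hunk (where `mysql_real_escape_string` would be the charset-aware choice); the comment should state that the quote-stripping exists for the HTML attribute, if that is indeed its purpose.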
@@ -220,7 +214,7 @@ function pkg_search_page($SID="") {
 $q.= "Description LIKE '%".mysql_escape_string($K)."%') ";
 }
 }
- if (isset($_REQUEST["M"]) && $_REQUEST["M"] && $SID) {
+ if (isset($_REQUEST["do_MyPackages"]) && $SID) {
 if ($myuid) {
 if (!$has_where) {
 $q.= "WHERE MaintainerUID = ".$myuid." ";
@@ -231,22 +225,21 @@ function pkg_search_page($SID="") {
 }
 }
- switch (isset($_REQUEST["SB"])) {
+ switch ($_REQUEST["SB"]) {
 case 'c':
- $q.= "ORDER BY CategoryID ASC, Name ASC, LocationID ASC ";
+ $q.= "ORDER BY CategoryID DESC, Name ASC, LocationID ASC ";
 break;
 case 'l':
- $q.= "ORDER BY LocationID ASC, Name ASC, CategoryID ASC ";
+ $q.= "ORDER BY LocationID ASC, Name ASC, CategoryID DESC ";
 break;
 case 'v':
- $q.= "ORDER BY NumVotes DESC, Name ASC, CategoryID ASC ";
+ $q.= "ORDER BY NumVotes DESC, Name ASC, CategoryID DESC ";
 break;
 default:
- $q.= "ORDER BY Name ASC, LocationID ASC, CategoryID ASC ";
+ $q.= "ORDER BY Name ASC, LocationID ASC, CategoryID DESC ";
 break;
 }
 $q.= "LIMIT ".$O.", ".$PP;
- print $q."<br />\n";
 $result = db_query($q, $dbh);
@@ -257,13 +250,10 @@ function pkg_search_page($SID="") {
 print __("No packages matched your search criteria.");
 } else {
- # TODO need an "action" table in here like on /devel? It would
- # allow the visitor to flag packages out-of-date, vote, adopt/disown?
- # Probably need to think about the overall UI of this - the package
- # name will be a link that goes to 'details'. There should also be
- # a column for 'manage/edit'
 if ($SID) {
+ # The 'Actions' table
+ #
 print "<center>\n";
 print "<table cellspacing='3' class='boxSoft'>\n";
 print "<tr>\n";
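Review bot: Switching the "my packages" filter to `isset($_REQUEST["do_MyPackages"])` in the @@ -220 hunk ties it to the submit button that was pressed, while the hidden `M` input that used to carry the mode was dropped in the @@ -76 hunk; unless something outside these hunks re-sends the flag, a user who pages through a "my packages" result submits only the paging button, the filter silently disappears and the next page lists all packages. Carrying the mode forward in a hidden field that is set when the button is pressed, e.g. `$M = isset($_REQUEST["do_MyPackages"]) || !empty($_REQUEST["M"]);` and `print "<input type='hidden' name='M' value='".($M ? 1 : 0)."'>\n";` in the form, keeps paging consistent with the offset reset added in the @@ -65 hunk. The enclosing if-chain continues outside the hunk.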
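Review bot: `switch ($_REQUEST["SB"])` in the @@ -231 hunk repairs the old `isset()` test (which under loose comparison matched `case 'c'` whenever any `SB` was present) but now dereferences `SB` unconditionally, so a request without a sort parameter reaches `default` only after an undefined-index notice; `switch (isset($_REQUEST["SB"]) ? $_REQUEST["SB"] : '')` keeps the behavior without it. The flip from `CategoryID ASC` to `CategoryID DESC` in all four ORDER BY branches is not explained anywhere in the commit, and a one-line comment above the switch such as `# CategoryID DESC is deliberate: <reason>` (with the actual reason filled in) would stop the next reader from reverting it as a typo. Dropping the debugging `print $q."<br />\n";` is the right call, since it echoed the assembled SQL to every visitor.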