Update user search
Update user search from 0.41 to 0.50
Colinax committed May 8, 2017
1 parent 0aebd7a commit 0da6200
Showing 4 changed files with 107 additions and 113 deletions.
164 changes: 82 additions & 82 deletions wbce/modules/user_search/htt/usersearch_result.htt
@@ -1,82 +1,82 @@
<h2>{HEADING_RESULT}</h2>
<p>{HOWTO_RESULT}</p>
<table width="98%" cellspacing="0" border="0" cellpadding="5px" class="row_a">
<tr>
<td style="width: 220px;"><strong>{SEARCH_DETAIL_RESULT}:</strong></td>
<td><strong>&nbsp;</td>
</tr>
<!-- BEGIN searchterm_block -->
<tr>
<td>{SEARCH_ITEM_RESULT}:</td>
<td>{BEGRIFF}</td>
</tr>
<tr>
<td>{SEARCH_FIELD_RESULT}:</td>
<td>{DISPLAYSEARCHFIELD}</td>
</tr>
<!-- END searchterm_block -->
<!-- BEGIN group_block -->
<tr>
<td>{GROUP_RESULT}:</td>
<td>{GROUP_NAME}</td>
</tr>
<!-- END group_block -->
<!-- BEGIN last_login_block -->
<tr>
<td>{LAST_LOGIN}:</td>
<td>{BEFORE_OR_AFTER} {DATE_RESULT}</td>
</tr>
<!-- END last_login_block -->
<tr>
<td colspan="2"><br /><strong>{SHOW_RESULT}:</strong></td>
</tr>
<!-- BEGIN no_result_block -->
{NO_RESULT}
<!-- END no_result_block -->
<!-- BEGIN result_table_block -->
<table width="100%" border="0" cellpadding="2" cellspacing="0" style="border-collapse: collapse;">
<tr style="background-color: #BDCDD9;">
<td align="right" style="font-weight:bold; border: 1px solid #ccc;">ID</td>
<td style="font-weight:bold; border: 1px solid #ccc;">{USER_NAME}</td>
<td style="font-weight:bold; border: 1px solid #ccc;">{REAL_NAME}</td>
<td style="font-weight:bold; border: 1px solid #ccc;">{EMAIL}</td>
<td style="font-weight:bold; border: 1px solid #ccc;">{LAST_LOGIN}</td>
<td style="font-weight:bold; border: 1px solid #ccc;">{LAST_IP}</td>
</tr>
<!-- BEGIN result_list_block -->
<tr style="background-color: {RESULT_BGCOL}">
<td align="center" style="border: 1px solid #ccc;">
<form name="edituser{RESULT_USER_ID}" method="post" action="{ADMIN_URL}/users/users.php" target="_blank">
<input type="hidden" name="user_id" value="{IDKEY_USER_ID}" />
<input type="hidden" name="modify" value="modify" />
<input type="hidden" name="details" value="{RESULT_USER_ID}" />
<b>{RESULT_USER_ID}</b>
</form>
</td>
<td align="left" style="border: 1px solid #ccc;">
<a OnClick="javascript:if ({RESULT_USER_ID}!=1) { document.edituser{RESULT_USER_ID}.submit();} else {alert('{RESULT_ADMIN_DISABLED}');}; return false;" HREF="#" title="{RESULT_EDIT_USER}: {RESULT_DISPLAYNAME}">{RESULT_USERNAME}</a>
</td>
<td align="left" style="border: 1px solid #ccc;">
{RESULT_DISPLAYNAME}
</td>
<td align="left" style="border: 1px solid #ccc;">
<a href="mailto:{RESULT_EMAIL}">{RESULT_EMAIL}</a>
</td>
<td align="left" style="border: 1px solid #ccc;">
{RESULT_LASTLOGIN}/({RESULT_DAYS_INACTIVE})
</td>
<td align="left" style="border: 1px solid #ccc;">
{RESULT_LAST_IP}
</td>
</tr>
<!-- END result_list_block -->
<tr>
<td colspan="6" style="font-size:smaller;" align="center">{HINT_EDIT}</td>
</tr>
</table>
</td>
</tr>
</table>
<!-- END result_table_block -->
<h2>{HEADING_RESULT}</h2>
<p>{HOWTO_RESULT}</p>
<table width="98%" cellspacing="0" border="0" cellpadding="5px" class="row_a">
<tr>
<td style="width: 220px;"><strong>{SEARCH_DETAIL_RESULT}:</strong></td>

</tr>
<!-- BEGIN searchterm_block -->
<tr>
<td>{SEARCH_ITEM_RESULT}:</td>
<td>{BEGRIFF}</td>
</tr>
<tr>
<td>{SEARCH_FIELD_RESULT}:</td>
<td>{DISPLAYSEARCHFIELD}</td>
</tr>
<!-- END searchterm_block -->
<!-- BEGIN group_block -->
<tr>
<td>{GROUP_RESULT}:</td>
<td>{GROUP_NAME}</td>
</tr>
<!-- END group_block -->
<!-- BEGIN last_login_block -->
<tr>
<td>{LAST_LOGIN}:</td>
<td>{BEFORE_OR_AFTER} {DATE_RESULT}</td>
</tr>
<!-- END last_login_block -->
<tr>
<td colspan="2"><br /><strong>{SHOW_RESULT}:</strong></td>
</tr>

<!-- BEGIN no_result_block -->
{NO_RESULT}
<!-- END no_result_block -->
<!-- BEGIN result_table_block -->
<table width="100%" border="0" cellpadding="2" cellspacing="0" style="border-collapse: collapse;">
<tr style="background-color: #BDCDD9;">
<td align="right" style="font-weight:bold; border: 1px solid #ccc;">ID</td>
<td style="font-weight:bold; border: 1px solid #ccc;">{USER_NAME}</td>
<td style="font-weight:bold; border: 1px solid #ccc;">{REAL_NAME}</td>
<td style="font-weight:bold; border: 1px solid #ccc;">{EMAIL}</td>
<td style="font-weight:bold; border: 1px solid #ccc;">{LAST_LOGIN}</td>
<td style="font-weight:bold; border: 1px solid #ccc;">{LAST_IP}</td>
</tr>
<!-- BEGIN result_list_block -->
<tr style="background-color: {RESULT_BGCOL}">
<td align="center" style="border: 1px solid #ccc;">
<form name="edituser{RESULT_USER_ID}" method="post" action="{ADMIN_URL}/users/users.php" target="_blank">
<input type="hidden" name="user_id" value="{IDKEY_USER_ID}" />
<input type="hidden" name="modify" value="modify" />
<input type="hidden" name="details" value="{RESULT_USER_ID}" />
<b>{RESULT_USER_ID}</b>
</form>
</td>
<td align="left" style="border: 1px solid #ccc;">
<a OnClick="javascript:if ({RESULT_USER_ID}!=1) { document.edituser{RESULT_USER_ID}.submit();} else {alert('{RESULT_ADMIN_DISABLED}');}; return false;" HREF="#" title="{RESULT_EDIT_USER}: {RESULT_DISPLAYNAME}">{RESULT_USERNAME}</a>
</td>
<td align="left" style="border: 1px solid #ccc;">
{RESULT_DISPLAYNAME}
</td>
<td align="left" style="border: 1px solid #ccc;">
<a href="mailto:{RESULT_EMAIL}">{RESULT_EMAIL}</a>
</td>
<td align="left" style="border: 1px solid #ccc;">
{RESULT_LASTLOGIN}/({RESULT_DAYS_INACTIVE})
</td>
<td align="left" style="border: 1px solid #ccc;">
{RESULT_LAST_IP}
</td>
</tr>
<!-- END result_list_block -->
<tr>
<td colspan="6" style="font-size:smaller;" align="center">{HINT_EDIT}</td>
</tr>
</table>
</td>
</tr>
</table>
<!-- END result_table_block -->
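Review bot: The XSS fix in this commit escapes only the echoed search term, but this template also interpolates per-user result fields in contexts that need more than plain HTML escaping: `{RESULT_DISPLAYNAME}` lands inside a `title="…"` attribute and `{RESULT_USER_ID}` inside the inline `OnClick` JavaScript (`if ({RESULT_USER_ID}!=1)`), with `{RESULT_USERNAME}` and `{RESULT_EMAIL}` printed in the cells. Where tool.php assigns the `RESULT_*` variables is outside the visible hunks, so whether they are escaped per context cannot be confirmed here; if `RESULT_USER_ID` is not forced to an integer before it reaches the handler, that is a script-injection point for anyone able to influence their own user record. I would add a template comment above the result_list_block, `<!-- RESULT_* values must be HTML-escaped (ENT_QUOTES) by tool.php; RESULT_USER_ID must be an integer because it is inlined into the OnClick handler -->`, and confirm the escaping on the tool.php side.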

36 changes: 14 additions & 22 deletions wbce/modules/user_search/info.php
@@ -1,26 +1,18 @@
<?php

// $Id: info.php 591 2009-03-01 19:42:05Z BerndJM $

/*
Website Baker Project <http://www.websitebaker.org/>
Copyright (C) 2004-2008, Ryan Djurovich
Website Baker is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
Website Baker is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Website Baker; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-----------------------------------------------------------------------------------------
*
* WBCE CMS
* Way Better Content Editing.
* Visit http://wbce.org to learn more and to join the community.
*
* @copyright Ryan Djurovich (2004-2009)
* @copyright WebsiteBaker Org. e.V. (2009-2015)
* @copyright WBCE Project (2015-)
* @license GNU GPL2 (or any later version)
v0.50 (florian; 08.05.2017)
!fix XSS vulnerability (reported by strukt93@gmail.com)
v0.41 (marmot; 25.05.2013)
! admin url is now set by config.php
! notice regarding mktime
Expand Down Expand Up @@ -65,7 +57,7 @@
$module_directory = 'user_search';
$module_name = 'User search';
$module_function = 'tool';
$module_version = '0.41';
$module_version = '0.50';
$module_platform = '2.8.3';
$module_author = 'Bernd Michna';
$module_license = 'GNU General Public License';
4 changes: 2 additions & 2 deletions wbce/modules/user_search/languages/DE.php
Expand Up @@ -31,8 +31,8 @@

// Textausgaben
$MOD_USER_SEARCH['HEADING'] = 'Benutzer Suche';
$MOD_USER_SEARCH['HOWTO'] = 'Hier sind einige zus&auml;tzliche Funktionen f&uuml;r die Suche.<br />Sie k&ouml;nnen verschiedene Kriterien kombinieren um die Suche zu verbessern. Falls sie ein Kriterium nicht ben&ouml;tigen, lassen Sie es einfach frei.';
$MOD_USER_SEARCH['SUBMIT_ALERT'] = 'Eine Suche ohne Suchbegriff macht keinen Sinn ;-)';
$MOD_USER_SEARCH['HOWTO'] = 'Hier sind einige zus&auml;tzliche Funktionen f&uuml;r die Suche. <br />Sie k&ouml;nnen verschiedene Kriterien kombinieren um die Suche zu verbessern. Falls sie ein Kriterium nicht ben&ouml;tigen, lassen Sie es einfach frei.';
$MOD_USER_SEARCH['SUBMIT_ALERT'] = 'Eine Suche ohne Suchbegriff ergibt keinen Sinn ;-)';
$MOD_USER_SEARCH['SUBMIT_TERM_ALERT'] = 'Wenn Sie einen Suchberiff angeben, m&uuml;ssen Sie mindestens ein Suchfeld ausw&auml;hlen!';
$MOD_USER_SEARCH['SEARCH_ITEM'] = 'Suchbegriff';
$MOD_USER_SEARCH['USE_WILDCARD'] = 'Verwenden Sie * als Wildcard.';
16 changes: 9 additions & 7 deletions wbce/modules/user_search/tool.php
Expand Up @@ -131,10 +131,11 @@
if (isset($_POST['realname'])) $wheretosearch += 2;
if (isset($_POST['email'])) $wheretosearch += 4;

//$item = $admin->add_slashes($admin->get_post('begriff'));
$item_raw = $admin->add_slashes($admin->get_post('begriff'));
$item = $database->escapeString($item_raw);

$xmlstoresearch .= "<searchterm>".$admin->add_slashes($admin->get_post('begriff'))."</searchterm>";
$item = str_replace("*", '%', $admin->add_slashes($admin->get_post('begriff')));
$xmlstoresearch .= "<searchterm>".$item."</searchterm>";
$item = str_replace("*", '%', $item);


switch($wheretosearch) {
Expand Down Expand Up @@ -191,14 +192,15 @@
$xmlstoresearch .= "<before>true</before>";
}
// convert date to timestamp format to compare
$resultquery .= jscalendar_to_timestamp($_POST['comp_date'],TIMEZONE);
$xmlstoresearch .= "<date>".jscalendar_to_timestamp($_POST['comp_date'],TIMEZONE)."</date>";
$resultquery .= $database->escapeString(jscalendar_to_timestamp($_POST['comp_date'],TIMEZONE));

$xmlstoresearch .= "<date>".$database->escapeString(jscalendar_to_timestamp($_POST['comp_date'],TIMEZONE))."</date>";
$xmlstoresearch .= "</datelastlogin>";
}

// if a group was choosen modify the sql query
if (isset($_POST['groups'])&&($_POST['groups']!="-1")) {
$g_id = $_POST['groups'];
$g_id = $database->escapeString($_POST['groups']);
if ($resultquery!="") $resultquery .= ") AND";
$g_id = str_replace(",", '%', $g_id);
$resultquery .= " (groups_id LIKE '%$g_id%'";
Expand Down Expand Up @@ -237,7 +239,7 @@
if ($wheretosearch != 0) {
// display if a search term was entered
$tpl->set_var('SEARCH_ITEM_RESULT', $MOD_USER_SEARCH['SEARCH_ITEM_RESULT']);
$tpl->set_var('BEGRIFF', $admin->add_slashes($admin->get_post('begriff')));
$tpl->set_var('BEGRIFF',htmlspecialchars($admin->get_post('begriff'),ENT_QUOTES, "UTF-8"));
$tpl->set_var('SEARCH_FIELD_RESULT', $MOD_USER_SEARCH['SEARCH_FIELD_RESULT']);
$tpl->set_var('DISPLAYSEARCHFIELD', $displaysearchfield);
$tpl->parse('searchterm_block_handle', 'searchterm_block');
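Review bot: In the second hunk `$database->escapeString()` is applied to the `jscalendar_to_timestamp()` result that is concatenated into `$resultquery` without surrounding quotes (the visible line adds none; the text it appends to begins outside the hunk), and quote-escaping does nothing for an unquoted numeric position — a payload containing no quote characters passes through unchanged. If `jscalendar_to_timestamp()` always returns an integer this is harmless today, but the robust form is an integer cast rather than an escape: `$ts = (int) jscalendar_to_timestamp($_POST['comp_date'], TIMEZONE);` followed by `$resultquery .= $ts;` and `$xmlstoresearch .= "<date>".$ts."</date>";`. The same applies to `$g_id`, which ends up in a `LIKE '%$g_id%'` pattern — escaping stops quote breakout but still lets the caller supply `%`/`_` wildcards, and `LIKE '%1%'` also matches ids such as 10, 11 or 21. Separately, in the first hunk `$item_raw` goes through `add_slashes()` and then `escapeString()`, so if `add_slashes` wraps addslashes() a term containing a quote or backslash is escaped twice and will no longer match the stored value; escape once, with the database's function only. The enclosing if-blocks for the date and group code start outside the hunk.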
