Added search to the blog and fixed an XSS issue in tag.php
brianlmoon committed Jan 11, 2009
1 parent 586732d commit be23028
Showing 20 changed files with 139 additions and 27 deletions.
5 changes: 3 additions & 2 deletions feed.php
@@ -6,8 +6,9 @@
include_once "./include/feeds.php";

$tag = (empty($_GET["tag"])) ? "" : $_GET["tag"];
$query = (empty($_GET["q"])) ? "" : $_GET["q"];

$data = wc_db_get_post_list(0, 30, true, "", $tag);
$data = wc_db_get_post_list(0, 30, true, $query, $tag);

$WCDATA["posts"] = $data[0];

@@ -26,7 +27,7 @@

$feed_type = (empty($_GET["type"])) ? "rss" : $_GET["type"];

$url = wc_get_url("feed", $feed_type, $tag);
$url = wc_get_url("feed", $feed_type, $tag, $query);

switch($feed_type){
case "atom":
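Review bot: `$query` is read from `$_GET["q"]` as-is, while search.php in this same commit casts and trims it, so an array-valued `q` parameter would reach `wc_db_get_post_list()` and the `sprintf` inside `wc_get_url()` as an array. Using the same expression here keeps the two entry points consistent: `$query = (isset($_GET["q"])) ? trim((string)$_GET["q"]) : "";`. The value also ends up in `$url`, which is presumably written into the feed by the code below this hunk; that output is not visible here, but it needs XML escaping where it is emitted.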
2 changes: 1 addition & 1 deletion include/common.php
@@ -3,7 +3,7 @@
// Check that this file is not loaded directly.
if ( basename( __FILE__ ) == basename( $_SERVER["PHP_SELF"] ) ) exit();

define("WC", "0.6");
define("WC", "0.7");

include_once dirname(__FILE__)."/config.php";
include_once dirname(__FILE__)."/database.php";
1 change: 1 addition & 0 deletions include/output.php
@@ -80,6 +80,7 @@ function wc_build_common_data(&$WCDATA) {

$WCDATA["base_url"] = $WC["base_url"];
$WCDATA["home_url"] = wc_get_url("main");
$WCDATA["search_url"] = wc_get_url("search");

if(empty($WCDATA["feed_url"])){
$WCDATA["feed_url"] = wc_get_url("feed");
3 changes: 3 additions & 0 deletions include/url.php
@@ -50,6 +50,9 @@ function wc_get_url() {
case 3:
$url = sprintf("%s/%s".$WC["url_formats"][$args[0]]["format"], $WC["base_url"], $WC["url_formats"][$args[0]]["page"], $args[1], $args[2]);
break;
case 4:
$url = sprintf("%s/%s".$WC["url_formats"][$args[0]]["format"], $WC["base_url"], $WC["url_formats"][$args[0]]["page"], $args[1], $args[2], $args[3]);
break;
default:
$bt = debug_backtrace();
trigger_error("Wrong parameter count for ".__FUNCTION__."() in ".$bt[0]["file"]." on line ".$bt[0]["line"], E_USER_WARNING);
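Review bot: The new `case 4` passes `$args[3]` into `sprintf` unencoded, and both new callers (feed.php and search.php) hand it the search string taken from `$_GET["q"]`, so a query containing spaces, `&`, `#` or quotes yields a broken or ambiguous URL. Encoding belongs at this sink, e.g. `urlencode($args[3])` in the `sprintf` call, assuming the format strings in `$WC["url_formats"]` expect raw values; they are not shown on this page. `case 3` and `case 4` differ only in how many arguments they forward, so a single `vsprintf` over `array_slice($args, 1)` would remove the duplication. `wc_get_url()` begins and ends outside this hunk.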
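--- a/search.php
+++ b/search.php
@@ -0,0 +1,56 @@
+<?php
+
+include_once "./include/common.php";
+include_once "./include/database.php";
+include_once "./include/output.php";
+include_once "./include/format.php";
+
+$display = 10;
+
+if(isset($_GET["s"])){
+$start = (int)$_GET["s"];
+} else {
+$start = 0;
+}
+
+$query = (isset($_GET["q"])) ? trim((string)$_GET["q"]) : "";
+
+if(empty($query)){
+wc_output("notfound");
+return;
+}
+
+list($WCDATA["posts"], $total_posts) = wc_db_get_post_list($start, $display, true, $query);
+
+if($total_posts<1){
+wc_output("notfound");
+return;
+}
+
+foreach($WCDATA["posts"] as &$post){
+wc_format_post($post);
+}
+unset($post);
+
+$WCDATA["title"] = "Posts containing `".htmlspecialchars($query)."` - ".$WC["default_title"];
+$WCDATA["description"] = "Posts containing `".htmlspecialchars($query)."`. ".$WC["default_description"];
+
+$WCDATA["feed_url"] = wc_get_url("feed", "rss", "", $query);
+
+if($total_posts > $start + $display) {
+$s = $start + $display;
+$WCDATA["older_url"] = wc_get_url("tag", $tag)."&s=$s";
+}
+
+if(($start > 0)){
+$WCDATA["newer_url"] = wc_get_url("tag", $tag);
+$s = $start - $display;
+if($s>0){
+$WCDATA["newer_url"].="&s=$s";
+}
+}
+
+
+wc_output("post_list", $WCDATA);
+
+?>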
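Review bot: The pagination block at the end uses `$tag`, which this file never assigns, and builds `older_url`/`newer_url` with `wc_get_url("tag", $tag)`, so the links leave the search and drop the query; it looks copied from tag.php. They should be built from the search URL and the encoded query, for example `$WCDATA["older_url"] = wc_get_url("search")."?q=".urlencode($query)."&s=$s";` (adjust the separator if the search URL format already carries a query string). On a server with `register_globals` enabled an unassigned `$tag` would be filled from the request and flow unescaped into those URLs, so removing it matters beyond the undefined-variable notice. `(int)$_GET["s"]` also accepts negative values; `max(0, (int)$_GET["s"])` keeps the offset passed to `wc_db_get_post_list()` sane.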
6 changes: 3 additions & 3 deletions tag.php
@@ -32,10 +32,10 @@
}
unset($post);

$WCDATA["title"] = "Posts tagged with '$tag' - ".$WC["default_title"];
$WCDATA["description"] = "Posts tagged with '$tag'. ".$WC["default_description"];
$WCDATA["title"] = "Posts tagged with `".htmlspecialchars($tag)."` - ".$WC["default_title"];
$WCDATA["description"] = "Posts tagged with `".htmlspecialchars($tag)."`. ".$WC["default_description"];

$WCDATA["feed_url"] = wc_get_url("feed", "rss", $tag);
$WCDATA["feed_url"] = wc_get_url("feed", "rss", $tag, "");

if($total_posts > $start + $display) {
$s = $start + $display;
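Review bot: `htmlspecialchars($tag)` with default flags leaves single quotes unescaped before PHP 8.1, so the fix holds only where the templates print `title` and `description` in element content or double-quoted attributes; `htmlspecialchars($tag, ENT_QUOTES)` covers both. `$tag` is still passed raw to `wc_get_url("feed", "rss", $tag, "")`, and the resulting `feed_url` is presumably echoed into a link by the templates, which this page does not show, so that value needs escaping where it is output. A short comment stating that `$WCDATA["title"]` and `$WCDATA["description"]` now hold HTML-escaped text would keep a template from escaping them a second time. The surrounding script starts and ends outside the hunk.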
5 changes: 5 additions & 0 deletions templates/Basic/default.css
@@ -214,6 +214,11 @@ div.comment img {
font-size: 100%;
}

#secondarycontent form #q {
width: 75%;
}


#secondarycontent div.content {
margin-bottom: 20px;
}
6 changes: 6 additions & 0 deletions templates/Basic/footer.php
@@ -6,6 +6,12 @@

<!-- secondary content start -->

<h3>Search</h3>
<form id="search" action="<?php echo $WCDATA["search_url"]; ?>" method="get">
<input type="text" name="q" id="q"><input type="submit" id="submit" value="Go">
</form>


<h3>Tags</h3>
<div class="content">
<ul class="linklist">
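Review bot: `$WCDATA["search_url"]` is echoed into the `action` attribute without escaping, here and in the same form added to the Refresh, Techmania, bluefreedom2, deep-red, ebony, sahara and terrafirma templates. As far as include/output.php shows, the value comes from `wc_get_url("search")` and not from the request, so this is hardening rather than a known hole, but escaping at the point of output keeps the templates safe if the URL ever gains a request-derived part: `action="<?php echo htmlspecialchars($WCDATA["search_url"], ENT_QUOTES); ?>"`. Separately, `id="submit"` on the button shadows the form's `submit()` method for any script that calls it; an id such as `search-submit` avoids that.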
5 changes: 5 additions & 0 deletions templates/Refresh/header.php
@@ -36,6 +36,11 @@

<div id="sidebar">

<h1>Search</h1>
<form id="search" class="search" action="<?php echo $WCDATA["search_url"]; ?>" method="get">
<input type="text" name="q" id="q" class="textbox"><input class="button" type="submit" id="submit" value="Go">
</form>

<h1>Tags</h1>
<div class="left-box">
<ul class="sidemenu">
4 changes: 1 addition & 3 deletions templates/Refresh/style.css
@@ -131,8 +131,6 @@ input.button {

/* search */
form.search {
position: absolute;
top: 35px; right: 25px;
background: transparent;
border: none;
}
@@ -146,7 +144,7 @@ form.search input.button {
background: #CCC url(images/headerbg.gif) repeat-x;
color: #333;
border: none;
width: 70px; height: 21px;
width: 40px; height: 21px;
}

/********************************************
5 changes: 5 additions & 0 deletions templates/Techmania/footer.php
@@ -2,6 +2,11 @@

<div id="sidebar">

<h1>Search</h1>
<form id="search" action="<?php echo $WCDATA["search_url"]; ?>" method="get">
<input type="text" class="textbox" name="q" id="q"><input class="button" type="submit" id="submit" value="Go">
</form>

<h1>Tags</h1>
<ul class="sidemenu">
<?php foreach($WCDATA["tags"] as $tag) { ?>
2 changes: 1 addition & 1 deletion templates/Techmania/style.css
@@ -140,7 +140,7 @@ input.button {
#sidebar #search {
background: #f2f2f2;
margin: 0 15px;
padding: 5px 0;
padding: 5px;
}
#sidebar #search img {
vertical-align: bottom;
6 changes: 6 additions & 0 deletions templates/bluefreedom2/footer.php
@@ -2,6 +2,12 @@

<div class="right">

<h2>Search</h2>
<form id="search" action="<?php echo $WCDATA["search_url"]; ?>" method="get">
<input type="text" name="q" id="q"><input type="submit" id="submit" value="Go">
</form>


<h2>Tags</h2>

<ul>
11 changes: 11 additions & 0 deletions templates/deep-red/footer.php
@@ -8,6 +8,17 @@
Brian Moon, of dealnews.com, shares what he knows (and learns) about PHP, MySQL and other stuff
</div>

<h3>search</h3>

<ul>
<li>
<form id="search" action="<?php echo $WCDATA["search_url"]; ?>" method="get">
<input type="text" name="q" id="q"><input type="submit" value="Go">
</form>
</li>
</ul>


<div id="ad">
<script type="text/javascript"><!--
google_ad_client = "pub-7076699294893330";
5 changes: 5 additions & 0 deletions templates/ebony/footer.php
@@ -10,6 +10,11 @@
<?php } ?>
</ul>

<h2>Search</h2>
<form id="search" action="<?php echo $WCDATA["search_url"]; ?>" method="get">
<input type="text" name="q" id="q"><input type="submit" id="submit" value="Go">
</form>

<h2>Tags</h2>
<ul>
<?php foreach($WCDATA["tags"] as $tag) { ?>
21 changes: 4 additions & 17 deletions templates/ebony/style.css
@@ -161,24 +161,11 @@ text-decoration: none;
}

/* Search */
.searchform {
background: #2b2b2b;
border: 1px solid #808080;
color: #fff;
width: 110px;
}

.searchbutton {
background: #00c;
border: 1px solid #808080;
color: #c0c0c0;
margin-top: 3px;
#search {
padding-left: 20px;
}

.searchbutton:hover {
border: 1px solid #fff;
color: #fff;
cursor: pointer;
#q {
width: 60%;
}

#pagenav {
4 changes: 4 additions & 0 deletions templates/sahara/default.css
@@ -248,4 +248,8 @@ body
#column2 li
{
border-bottom: dashed 1px #EFEFD6;
}

#q {
width: 70%;
}
6 changes: 6 additions & 0 deletions templates/sahara/footer.php
@@ -1,6 +1,12 @@
</div>

<div id="column2">

<h3>Search</h3>
<form id="search" action="<?php echo $WCDATA["search_url"]; ?>" method="get">
<input type="text" name="q" id="q"><input type="submit" id="submit" value="Go">
</form>

<h3>Tags</h3>
<ul>
<?php foreach($WCDATA["tags"] as $tag) { ?>
8 changes: 8 additions & 0 deletions templates/terrafirma/default.css
@@ -217,6 +217,14 @@ ul.linklist li.first {
font-size: 90%;
}

#secondarycontent #search {
padding: 0px 10px 0px 10px;
}

#secondarycontent #q {
width: 60%;
}

#primarycontent {
position: relative;
width: 480px;
5 changes: 5 additions & 0 deletions templates/terrafirma/footer.php
@@ -6,6 +6,11 @@

<!-- secondary content start -->

<h3>Search</h3>
<form id="search" action="<?php echo $WCDATA["search_url"]; ?>" method="get">
<input type="text" name="q" id="q"><input type="submit" id="submit" value="Go">
</form>

<h3>Tags</h3>
<div class="content">
<ul class="linklist">