
Fixed course searching with quotes - SC#180; merged from MOODLE_15_STABLE + other fixes in HEAD only
1 parent 553fb8d commit 9cc78ee19647f08592f88215a0d184ce60257509 skodak committed Nov 2, 2005
Showing with 22 additions and 18 deletions.
  1. +6 −6 course/lib.php
  2. +16 −12 course/search.php
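--- a/course/lib.php
+++ b/course/lib.php
@@ -1500,20 +1500,20 @@ function print_course_search($value="", $return=false, $format="plain") {
 if ($format == 'plain') {
 $output = '<form name="coursesearch" action="'.$CFG->wwwroot.'/course/search.php" method="get">';
 $output .= '<center><p align="center" class="coursesearchbox">';
- $output .= '<input type="text" size="30" name="search" alt="'.$strsearchcourses.'" value="'.$value.'" />';
- $output .= '<input type="submit" value="'.$strsearchcourses.'" />';
+ $output .= '<input type="text" size="30" name="search" alt="'.s($strsearchcourses).'" value="'.s($value).'" />';
+ $output .= '<input type="submit" value="'.s($strsearchcourses).'" />';
 $output .= '</p></center></form>';
 } else if ($format == 'short') {
 $output = '<form name="coursesearch" action="'.$CFG->wwwroot.'/course/search.php" method="get">';
 $output .= '<center><p align="center" class="coursesearchbox">';
- $output .= '<input type="text" size="12" name="search" alt="'.$strsearchcourses.'" value="'.$value.'" />';
- $output .= '<input type="submit" value="'.$strsearchcourses.'" />';
+ $output .= '<input type="text" size="12" name="search" alt="'.s($strsearchcourses).'" value="'.s($value).'" />';
+ $output .= '<input type="submit" value="'.s($strsearchcourses).'" />';
 $output .= '</p></center></form>';
 } else if ($format == 'navbar') {
 $output = '<form name="coursesearch" action="'.$CFG->wwwroot.'/course/search.php" method="get">';
 $output .= '<table border="0" cellpadding="0" cellspacing="0"><tr><td nowrap="nowrap">';
- $output .= '<input type="text" size="20" name="search" alt="'.$strsearchcourses.'" value="'.$value.'" />';
- $output .= '<input type="submit" value="'.$strsearchcourses.'" />';
+ $output .= '<input type="text" size="20" name="search" alt="'.s($strsearchcourses).'" value="'.s($value).'" />';
+ $output .= '<input type="submit" value="'.s($strsearchcourses).'" />';
 $output .= '</td></tr></table>';
 $output .= '</form>';
 }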
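Review bot: The escaping this hunk adds is repeated separately in each of the three format branches, so the `plain`, `short` and `navbar` inputs carry three identical copies of the `s($value)` / `s($strsearchcourses)` calls, and any branch added later can silently regress to the unescaped form that this commit fixes. Escape once into two locals above the `if ($format == 'plain')` line, e.g. `$escvalue = s($value); $esclabel = s($strsearchcourses);`, and have all three branches interpolate those. The `$CFG->wwwroot` interpolated into each `action` attribute is left raw; it is site configuration rather than request input, so that is presumably acceptable, but it is the one remaining unescaped interpolation in the form markup. print_course_search begins before this hunk and continues after it.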
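--- a/course/search.php
+++ b/course/search.php
@@ -5,11 +5,11 @@
 require_once("../config.php");
 require_once("lib.php");
- $search = optional_param('search', '', PARAM_CLEAN); // search words
- $page = optional_param('page', 0, PARAM_INT); // which page to show
+ $search = optional_param('search', '', PARAM_RAW); // search words
+ $page = optional_param('page', 0, PARAM_INT); // which page to show
 $perpage = optional_param('perpage', 10, PARAM_INT); // how many per page
- $search = trim(strip_tags($search));
+ $search = trim(strip_tags($search)); // trim & clean raw searched string
 if ($search) {
 $searchterms = explode(" ", $search); // Search for words independently
@@ -42,6 +42,9 @@
 $creatorediting = !empty($USER->categoriessearchediting);
 $adminediting = (isadmin() and $creatorediting);
+ } else {
+ $creatorediting = false;
+ $adminediting = false;
 }
 /// Editing functions
@@ -126,19 +129,20 @@
 print_header("$site->fullname : $strsearchresults", $site->fullname,
- "<a href=\"index.php\">$strcourses</a> -> <a href=\"search.php\">$strsearch</a> -> '$search'", "", "", "", $searchform);
+ "<a href=\"index.php\">$strcourses</a> -> <a href=\"search.php\">$strsearch</a> -> '".s($search)."'", "", "", "", $searchform);
 $lastcategory = -1;
 if ($courses) {
 print_heading("$strsearchresults: $totalcount");
- print_paging_bar($totalcount, $page, $perpage, "search.php?search=$search&amp;perpage=$perpage&amp;",'page',($perpage == 99999));
+ $encodedsearch = urlencode(stripslashes($search));
+ print_paging_bar($totalcount, $page, $perpage, "search.php?search=$encodedsearch&amp;perpage=$perpage&amp;",'page',($perpage == 99999));
 if ($perpage != 99999 && $totalcount > $perpage) {
 echo "<center><p>";
- echo "<a href=\"search.php?search=$search&perpage=99999\">".get_string("showall", "", $totalcount)."</a>";
+ echo "<a href=\"search.php?search=$encodedsearch&perpage=99999\">".get_string("showall", "", $totalcount)."</a>";
 echo "</p></center>";
 }
@@ -157,7 +161,7 @@
 echo "<form name=\"movecourses\" action=\"search.php\" method=\"post\">";
 echo "<input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\">";
- echo "<input type=\"hidden\" name=\"search\" value=\"$search\">";
+ echo "<input type=\"hidden\" name=\"search\" value=\"".s($search)."\">";
 echo "<input type=\"hidden\" name=\"page\" value=\"$page\">";
 echo "<input type=\"hidden\" name=\"perpage\" value=\"$perpage\">";
 echo "<table align=\"center\" border=0 cellspacing=2 cellpadding=4 class=\"generalbox\"><tr>";
@@ -187,10 +191,10 @@
 echo "<a title=\"".get_string("delete")."\" href=\"delete.php?id=$course->id\"><img".
 " src=\"$pixpath/t/delete.gif\" height=\"11\" width=\"11\" border=\"0\"></a> ";
 if (!empty($course->visible)) {
- echo "<a title=\"".get_string("hide")."\" href=\"search.php?search=$search&amp;perpage=$perpage&amp;page=$page&amp;hide=$course->id&amp;sesskey=$USER->sesskey\"><img".
+ echo "<a title=\"".get_string("hide")."\" href=\"search.php?search=$encodedsearch&amp;perpage=$perpage&amp;page=$page&amp;hide=$course->id&amp;sesskey=$USER->sesskey\"><img".
 " src=\"$pixpath/t/hide.gif\" height=\"11\" width=\"11\" border=\"0\"></a> ";
 } else {
- echo "<a title=\"".get_string("show")."\" href=\"search.php?search=$search&amp;perpage=$perpage&amp;page=$page&amp;show=$course->id&amp;sesskey=$USER->sesskey\"><img".
+ echo "<a title=\"".get_string("show")."\" href=\"search.php?search=$encodedsearch&amp;perpage=$perpage&amp;page=$page&amp;show=$course->id&amp;sesskey=$USER->sesskey\"><img".
 " src=\"$pixpath/t/show.gif\" height=\"11\" width=\"11\" border=\"0\"></a> ";
 }
@@ -211,16 +215,16 @@
 }
- print_paging_bar($totalcount, $page, $perpage, "search.php?search=$search&amp;perpage=$perpage&amp;",'page',($perpage == 99999));
+ print_paging_bar($totalcount, $page, $perpage, "search.php?search=$encodedsearch&amp;perpage=$perpage&amp;",'page',($perpage == 99999));
 if ($perpage != 99999 && $totalcount > $perpage) {
 echo "<center><p>";
- echo "<a href=\"search.php?search=$search&perpage=99999\">".get_string("showall", "", $totalcount)."</a>";
+ echo "<a href=\"search.php?search=$encoededsearch&perpage=99999\">".get_string("showall", "", $totalcount)."</a>";
 echo "</p></center>";
 }
 } else {
- print_heading(get_string("nocoursesfound", "", $search));
+ print_heading(get_string("nocoursesfound", "", s($search)));
 }
 echo "<br /><br />";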
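Review bot: The show-all link in the last hunk (`@@ -211,16 +215,16 @@`) interpolates `$encoededsearch`, a misspelling of the `$encodedsearch` variable this commit introduces in the `@@ -126,19 +129,20 @@` hunk, so that link is emitted with an empty `search=` parameter (plus an undefined-variable notice) while the identical link in the earlier hunk is correct; change it to `echo "<a href=\"search.php?search=$encodedsearch&amp;perpage=99999\">".get_string("showall", "", $totalcount)."</a>";`. Both show-all links also use a bare `&` in the href where every other link in the file writes `&amp;`. Switching the parameter from PARAM_CLEAN to PARAM_RAW in the first hunk means `$search` now reaches `$searchterms` with only `trim(strip_tags(...))` applied; the query built from `$searchterms` is outside this hunk, so it should be confirmed that each term is escaped for the database before this is relied on. `$encodedsearch` is assigned inside the `if ($courses)` block, which appears to be where all of its uses sit, so its scoping looks fine.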
