Check for sql injection by '";
Plugin work automatic without code in 404 template

git-svn-id: https://plugins.svn.wordpress.org/404like/trunk@503776 b8457f37-d9ea-0310-8a92-e5e31aec5664
tobig committed Feb 11, 2012
1 parent dd307de commit 2c4b589
Showing 2 changed files with 28 additions and 7 deletions.
31 changes: 26 additions & 5 deletions 404Like.php
Expand Up @@ -3,7 +3,7 @@
Plugin Name: 404Like
Plugin URI: http://www.gnetos.de/projekte/404Like
Description: Es wird keine 404 Fehlermeldung ausgegeben, sondern nach ähnlichen Seiten gesucht und auf eventuelle Treffer weitergeleitet oder eine Liste möglicher Treffer ausgegeben / It is not issued any 404 error message, but looking for similar sites and forwarded to any results or output a list of possible matches
Version: 1.0
Version: 1.0.2
Author: Tobias Gafner
Author URI: http://www.gnetos.de
License: GPL2
Expand All @@ -28,16 +28,18 @@
* Search function
*/
function findPostWhereLikeNameTitle($title = "") {
$title = strtolower($title);
$where .= " (post_type = 'post' OR post_type = 'page') AND
post_status = 'publish' AND (post_name like '%".$title."%' OR post_title like '%".$title."%')";
post_status = 'publish' AND (LOWER(post_name) like '%".$title."%' OR post_title like '%".$title."%')";
return $where;
}
/**
* Search function
*/
function findPostWhereLike($title = "") {
$title = strtolower($title);
$where = " (post_type = 'post' OR post_type = 'page') AND
post_status = 'publish' AND (post_title like '%".$title."%')";
post_status = 'publish' AND (LOWER(post_title) like '%".$title."%')";
return $where;
}
/**
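Review bot: findPostWhereLike() and findPostWhereLikeNameTitle() still concatenate $title directly into the LIKE clause, so the safety of the query depends on every caller sanitising its input first. Build the clause with $wpdb->prepare() and a %s placeholder, and escape the LIKE wildcards (% and _) in $title before wrapping it in the surrounding %. Two smaller points in the same hunk: findPostWhereLikeNameTitle() wraps post_name in LOWER() but still compares the lowercased $title against the unmodified post_title, unlike findPostWhereLike(); and it appends with `$where .=` to a variable that is never initialised in that function.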
Expand All @@ -52,11 +54,15 @@ function findPostWhereLike($title = "") {
*/
function checkPage() {
global $wpdb;

if ( !is_404() )
return;

$urltext = $_SERVER['REQUEST_URI'];
//$urltexta = substr($urltext,1);
$urltext = trim($urltext);
//Letztes / loeschen
//schuetzen
$urltext = htmlspecialchars($urltext);
if(strlen($urltext) != 0) {
//Letztes Zeichen ist ?
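Review bot: the htmlspecialchars() call under the `//schuetzen` comment is HTML output encoding, not protection for the SQL that is later built from $urltext. With ENT_COMPAT (the default before PHP 8.1) it leaves single quotes untouched, and it rewrites other characters into entities that then become part of the search term. Keep the raw path segment for the lookup, pass it to the database through a parameterised query, and apply HTML escaping only at the point where the value is echoed.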
Expand All @@ -66,16 +72,22 @@ function checkPage() {
//Letztes von xxx/xxxx/xxx ist interessant
$searchWord = substr (strrchr ($urltext, "/"), 1);
//SQL
$searchWord = stripslashes($searchWord);
$searchWord = str_replace ("'", "", $searchWord);
$searchWord = str_replace ('"', "", $searchWord);
$searchWord = str_replace (';', "", $searchWord);
$querystr = "SELECT * FROM $wpdb->posts WHERE ".findPostWhereLike($searchWord);
$pageposts = $wpdb->get_col($querystr);
if ($pageposts) {
ob_start();
if (count($pageposts) == 1) {

if (count($pageposts) == 1 || ($searchWord == "404Like" || $searchWord == "404like")) {
foreach ($pageposts as $id) {
$url = get_permalink($id);
echo $inhalt;
wp_redirect($url,301);
// Okay, stop.
break;
}

wp_reset_query();
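Review bot: the stripslashes()/str_replace() sequence on $searchWord is a denylist of three characters, and the result is still concatenated into $querystr through findPostWhereLike(); the LIKE wildcards % and _ and any backslash left after stripslashes() are not covered. Replace the stripping with $wpdb->prepare() and a %s placeholder so the query no longer depends on which characters were removed. Also in this hunk: `echo $inhalt;` uses a variable that is not defined anywhere in the visible code, and wp_redirect() is followed by `break;` rather than `exit;`, so execution continues after the redirect header has been set.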
Expand Down Expand Up @@ -112,7 +124,7 @@ function new404ErrorPage() {
$pageposts = $wpdb->get_col($querystr);
if ($pageposts) {
//Ausgabe
echo '<div id="errorresults"><h2 class="twost">Folgendes Gesucht ?</h2><ul>';
echo '<div id="errorresults"><h2 class="twost">'.__("Folgendes Gesucht").' ?</h2><ul>';
foreach ($pageposts as $id) {
$post_id_7 = get_post($id);
$url = get_permalink($id);
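Review bot: __("Folgendes Gesucht") is called without a text domain, so the string is looked up in the default WordPress domain and a translation shipped with the plugin would not be found. Pass the plugin's text domain as the second argument, and consider moving the trailing ' ?' inside the translatable string so translators control the punctuation.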
Expand All @@ -125,4 +137,13 @@ function new404ErrorPage() {
wp_reset_query();
}
}

function plugin404Like_filter($redirect, $request) {

if ( is_404() ) {return false;}
return $redirect;
}

add_action( 'template_redirect', 'checkPage' );
add_filter( 'redirect_canonical', 'plugin404Like_filter', 10, 2 );
?>
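Review bot: plugin404Like_filter() returns false whenever is_404() is true, which switches off WordPress's redirect_canonical handling for every 404 request, not only the ones this plugin resolves, and nothing in the code or readme documents that side effect. Add a docblock stating why the canonical redirect has to be suppressed, and consider returning false only when checkPage() actually found a target. The $request parameter is unused.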
4 changes: 2 additions & 2 deletions readme.txt
Expand Up @@ -3,7 +3,7 @@ Contributors: tobig
Donate link: http://www.gnetos.de
Tags: 404, not found
Requires at least: 2.7.0
Tested up to: 3.0
Tested up to: 3.3.0
Stable tag: trunk

It is not issued any 404 error message, but looking for similar sites and forwarded to any results or output a list of possible matches
Expand All @@ -16,5 +16,5 @@ It is not issued any 404 error message, but looking for similar sites and forwar

1. Upload `404Like.php` to the `/wp-content/plugins/` directory
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Place `<?php checkPage(); ? >` in first line of your 404 template page.
3. Nothing, it works without any other activities - you can test it
4. Optional add < ? php new404ErrorPage(); ? > to your 404 template page.
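Review bot: step 3 no longer asks for checkPage() in the 404 template, but sites that followed the old step 3 still have that call, and 404Like.php now also hooks checkPage on template_redirect, so the lookup would run twice on those sites. Add an upgrade note telling existing users to remove the call from their template. Step 4 prints the snippet as `< ? php new404ErrorPage(); ? >` with spaces inside the PHP delimiters, which will not execute if pasted as shown; write it as a valid PHP tag inside backticks.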
