[geeklog-cvs] Geeklog-1.x/system/classes search.class.php, 1.63, 1.64
Dirk Haun
dhaun at qs1489.pair.com
Sat Feb 16 16:24:30 EST 2008
Update of /cvsroot/geeklog/Geeklog-1.x/system/classes
In directory qs1489.pair.com:/tmp/cvs-serv20255/system/classes
Modified Files:
search.class.php
Log Message:
Threw in a few htmlspecialchars() calls
Index: search.class.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/classes/search.class.php,v
retrieving revision 1.63
retrieving revision 1.64
diff -C2 -d -r1.63 -r1.64
*** search.class.php 25 Nov 2007 06:59:56 -0000 1.63
--- search.class.php 16 Feb 2008 21:24:28 -0000 1.64
***************
*** 3,7 ****
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
! // | Geeklog 1.4 |
// +---------------------------------------------------------------------------+
// | search.php |
--- 3,7 ----
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
! // | Geeklog 1.5 |
// +---------------------------------------------------------------------------+
// | search.php |
***************
*** 9,13 ****
// | Geeklog search class. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2007 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT geeklog DOT net |
--- 9,13 ----
// | Geeklog search class. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2008 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT geeklog DOT net |
***************
*** 311,315 ****
. $A['sid'] . '&query=' . urlencode($this->_query);
}
! $author = $this->_displayName ($A['username'], $A['fullname']);
if ($A['uid'] == 1) {
$profile = $author;
--- 311,316 ----
. $A['sid'] . '&query=' . urlencode($this->_query);
}
! $author = htmlspecialchars($this->_displayName($A['username'],
! $A['fullname']));
if ($A['uid'] == 1) {
$profile = $author;
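Review bot: The new `htmlspecialchars()` call on `$author` relies on the function's defaults, which leave single quotes unescaped and, on the PHP versions current when this was committed, assume ISO-8859-1 rather than the site's own charset. `$author` is copied into `$profile` just below and the rest of that block is outside the hunk, so if the name ever ends up inside a single-quoted attribute the escaping would not hold. Passing the flags and charset explicitly, as in `htmlspecialchars($name, ENT_QUOTES, $charset)` where `$charset` is a placeholder for the site's configured output charset, would make the result safe in both text and attribute contexts. The same applies to the calls added in the hunks at new lines 464, 507 and 942.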
***************
*** 463,467 ****
$names[$A['uid']] = COM_getDisplayName ($A['uid']);
}
! $author = $names[$A['uid']];
if ($A['uid'] == 1) {
$profile = $author;
--- 464,468 ----
$names[$A['uid']] = COM_getDisplayName ($A['uid']);
}
! $author = htmlspecialchars($names[$A['uid']]);
if ($A['uid'] == 1) {
$profile = $author;
***************
*** 506,518 ****
$searchmain->set_var ('num_matches', '');
if ($this->_keyType == 'any') {
! $searchQuery = str_replace(' ', "</b>' " . $LANG09[57] . " '<b>",$this->_query);
$searchQuery = "<b>'$searchQuery'</b>";
} else {
if ($this->_keyType == 'all') {
! $searchQuery = str_replace(' ', "</b>' " . $LANG09[56] . " '<b>",$this->_query);
$searchQuery = "<b>'$searchQuery'</b>";
} else {
! $searchQuery = $LANG09[55] . " '<b>$this->_query</b>'";
}
}
--- 507,520 ----
$searchmain->set_var ('num_matches', '');
+ $escquery = htmlspecialchars($this->_query);
if ($this->_keyType == 'any') {
! $searchQuery = str_replace(' ', "</b>' " . $LANG09[57] . " '<b>", $escquery);
$searchQuery = "<b>'$searchQuery'</b>";
} else {
if ($this->_keyType == 'all') {
! $searchQuery = str_replace(' ', "</b>' " . $LANG09[56] . " '<b>", $escquery);
$searchQuery = "<b>'$searchQuery'</b>";
} else {
! $searchQuery = $LANG09[55] . " '<b>$escquery</b>'";
}
}
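Review bot: `$escquery` is safe only for HTML output while `$this->_query` stays raw, and nothing in the block records that distinction. A one-line comment above the assignment, such as `// HTML-escaped copy for display only; $this->_query stays raw for its other uses (e.g. urlencode)`, would help keep a later edit from interpolating the raw property into markup again, as the replaced `'<b>$this->_query</b>'` line did. As a matter of style, the 'any' and 'all' branches differ only in the `$LANG09` index and could share a single `str_replace()` call. The enclosing function starts and ends outside the hunk.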
***************
*** 940,945 ****
$useroptions .= ' selected="selected"';
}
! $useroptions .= '>' . $this->_displayName ($A['username'],
! $A['fullname']) . '</option>';
}
$searchform->set_var('author_option_list', $useroptions);
--- 942,946 ----
$useroptions .= ' selected="selected"';
}
! $useroptions .= '>' . htmlspecialchars($this->_displayName($A['username'], $A['fullname'])) . '</option>';
}
$searchform->set_var('author_option_list', $useroptions);