function set_sort_mode($mode)
{
- if ('chron' === $mode)
- return $this->target->orderBy('created desc');
+ switch ($mode) {
+ case 'chron':
+ return $this->target->orderBy('created DESC');
+ break;
+ case 'reverse_chron':
+ return $this->target->orderBy('created ASC');
+ break;
+ case 'nickname_desc':
+ if ($this->table != 'profile') {
+ throw new Exception(
+ 'nickname_desc sort mode can only be use when searching profile.'
+ );
+ } else {
+ return $this->target->orderBy(sprintf('%1$s.nickname DESC', $this->table));
+ }
+ break;
+ case 'nickname_asc':
+ if ($this->table != 'profile') {
+ throw new Exception(
+ 'nickname_desc sort mode can only be use when searching profile.'
+ );
+ } else {
+ return $this->target->orderBy(sprintf('%1$s.nickname ASC', $this->table));
+ }
+ break;
+ default:
+ return $this->target->orderBy('created DESC');
+ break;
+ }
}
}
{
if ('profile' === $this->table) {
$this->target->whereAdd('MATCH(nickname, fullname, location, bio, homepage) ' .
- 'AGAINST (\''.addslashes($q).'\' IN BOOLEAN MODE)');
+ 'AGAINST (\''.$this->target->escape($q).'\' IN BOOLEAN MODE)');
if (strtolower($q) != $q) {
$this->target->whereAdd('MATCH(nickname, fullname, location, bio, homepage) ' .
- 'AGAINST (\''.addslashes(strtolower($q)).'\' IN BOOLEAN MODE)', 'OR');
+ 'AGAINST (\''.$this->target->escape(strtolower($q)).'\' IN BOOLEAN MODE)', 'OR');
}
return true;
} else if ('notice' === $this->table) {
$this->target->whereAdd('notice.is_local != ' . Notice::GATEWAY);
if (strtolower($q) != $q) {
- $this->target->whereAdd("( MATCH(content) AGAINST ('" . addslashes($q) .
+ $this->target->whereAdd("( MATCH(content) AGAINST ('" . $this->target->escape($q) .
"' IN BOOLEAN MODE)) OR ( MATCH(content) " .
- "AGAINST ('" . addslashes(strtolower($q)) .
+ "AGAINST ('" . $this->target->escape(strtolower($q)) .
"' IN BOOLEAN MODE))");
} else {
$this->target->whereAdd('MATCH(content) ' .
- 'AGAINST (\''.addslashes($q).'\' IN BOOLEAN MODE)');
+ 'AGAINST (\''.$this->target->escape($q).'\' IN BOOLEAN MODE)');
}
return true;
function query($q)
{
if ('profile' === $this->table) {
- $qry = sprintf('(nickname LIKE "%%%1$s%%" OR '.
- ' fullname LIKE "%%%1$s%%" OR '.
- ' location LIKE "%%%1$s%%" OR '.
- ' bio LIKE "%%%1$s%%" OR '.
- ' homepage LIKE "%%%1$s%%")', addslashes($q));
+ $qry = sprintf('(%2$s.nickname LIKE "%%%1$s%%" OR '.
+ ' %2$s.fullname LIKE "%%%1$s%%" OR '.
+ ' %2$s.location LIKE "%%%1$s%%" OR '.
+ ' %2$s.bio LIKE "%%%1$s%%" OR '.
+ ' %2$s.homepage LIKE "%%%1$s%%")',
+ $this->target->escape($q, true),
+ $this->table);
} else if ('notice' === $this->table) {
- $qry = sprintf('content LIKE "%%%1$s%%"', addslashes($q));
+ $qry = sprintf('content LIKE "%%%1$s%%"', $this->target->escape($q, true));
} else {
throw new ServerException('Unknown table: ' . $this->table);
}
function query($q)
{
if ('profile' === $this->table) {
- return $this->target->whereAdd('textsearch @@ plainto_tsquery(\''.addslashes($q).'\')');
+ return $this->target->whereAdd('textsearch @@ plainto_tsquery(\''.$this->target->escape($q).'\')');
} else if ('notice' === $this->table) {
// XXX: We need to filter out gateway notices (notice.is_local = -2) --Zach
- return $this->target->whereAdd('to_tsvector(\'english\', content) @@ plainto_tsquery(\''.addslashes($q).'\')');
+ return $this->target->whereAdd('to_tsvector(\'english\', content) @@ plainto_tsquery(\''.$this->target->escape($q).'\')');
} else {
throw new ServerException('Unknown table: ' . $this->table);
}