X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Fsearch_engines.php;h=7f1684a3e756b0a2cd7ea3b4ba79970bb4486915;hb=14fe22e4307044f2eb08264a7b83f9c2de245dba;hp=332db3f89a8a25cb2cf08afc8454263c9115250f;hpb=53c86c43c4b8cba313335f5d70f7f77d4ab640d2;p=quix0rs-gnu-social.git diff --git a/lib/search_engines.php b/lib/search_engines.php index 332db3f89a..7f1684a3e7 100644 --- a/lib/search_engines.php +++ b/lib/search_engines.php @@ -41,8 +41,35 @@ class SearchEngine function set_sort_mode($mode) { - if ('chron' === $mode) - return $this->target->orderBy('created desc'); + switch ($mode) { + case 'chron': + return $this->target->orderBy('created DESC'); + break; + case 'reverse_chron': + return $this->target->orderBy('created ASC'); + break; + case 'nickname_desc': + if ($this->table != 'profile') { + throw new Exception( + 'nickname_desc sort mode can only be use when searching profile.' + ); + } else { + return $this->target->orderBy('nickname DESC'); + } + break; + case 'nickname_asc': + if ($this->table != 'profile') { + throw new Exception( + 'nickname_desc sort mode can only be use when searching profile.' + ); + } else { + return $this->target->orderBy('nickname ASC'); + } + break; + default: + return $this->target->orderBy('created DESC'); + break; + } } } @@ -52,10 +79,10 @@ class MySQLSearch extends SearchEngine { if ('profile' === $this->table) { $this->target->whereAdd('MATCH(nickname, fullname, location, bio, homepage) ' . - 'AGAINST (\''.addslashes($q).'\' IN BOOLEAN MODE)'); + 'AGAINST (\''.$this->target->escape($q).'\' IN BOOLEAN MODE)'); if (strtolower($q) != $q) { $this->target->whereAdd('MATCH(nickname, fullname, location, bio, homepage) ' . - 'AGAINST (\''.addslashes(strtolower($q)).'\' IN BOOLEAN MODE)', 'OR'); + 'AGAINST (\''.$this->target->escape(strtolower($q)).'\' IN BOOLEAN MODE)', 'OR'); } return true; } else if ('notice' === $this->table) { @@ -64,13 +91,13 @@ class MySQLSearch extends SearchEngine $this->target->whereAdd('notice.is_local != ' . Notice::GATEWAY); if (strtolower($q) != $q) { - $this->target->whereAdd("( MATCH(content) AGAINST ('" . addslashes($q) . + $this->target->whereAdd("( MATCH(content) AGAINST ('" . $this->target->escape($q) . "' IN BOOLEAN MODE)) OR ( MATCH(content) " . - "AGAINST ('" . addslashes(strtolower($q)) . + "AGAINST ('" . $this->target->escape(strtolower($q)) . "' IN BOOLEAN MODE))"); } else { $this->target->whereAdd('MATCH(content) ' . - 'AGAINST (\''.addslashes($q).'\' IN BOOLEAN MODE)'); + 'AGAINST (\''.$this->target->escape($q).'\' IN BOOLEAN MODE)'); } return true; @@ -89,9 +116,9 @@ class MySQLLikeSearch extends SearchEngine ' fullname LIKE "%%%1$s%%" OR '. ' location LIKE "%%%1$s%%" OR '. ' bio LIKE "%%%1$s%%" OR '. - ' homepage LIKE "%%%1$s%%")', addslashes($q)); + ' homepage LIKE "%%%1$s%%")', $this->target->escape($q, true)); } else if ('notice' === $this->table) { - $qry = sprintf('content LIKE "%%%1$s%%"', addslashes($q)); + $qry = sprintf('content LIKE "%%%1$s%%"', $this->target->escape($q, true)); } else { throw new ServerException('Unknown table: ' . $this->table); } @@ -107,12 +134,12 @@ class PGSearch extends SearchEngine function query($q) { if ('profile' === $this->table) { - return $this->target->whereAdd('textsearch @@ plainto_tsquery(\''.addslashes($q).'\')'); + return $this->target->whereAdd('textsearch @@ plainto_tsquery(\''.$this->target->escape($q).'\')'); } else if ('notice' === $this->table) { // XXX: We need to filter out gateway notices (notice.is_local = -2) --Zach - return $this->target->whereAdd('to_tsvector(\'english\', content) @@ plainto_tsquery(\''.addslashes($q).'\')'); + return $this->target->whereAdd('to_tsvector(\'english\', content) @@ plainto_tsquery(\''.$this->target->escape($q).'\')'); } else { throw new ServerException('Unknown table: ' . $this->table); }