X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fsearch.php;h=320ffddcef2fbc0df671e6c58e5c26937372711a;hb=0f0fb2e2f3b9819e4f1b65c3ea1b96e78c008381;hp=d4cd9d96763c7d0838fa2fc72b3e0e00b345df6a;hpb=68757f25042b02624bfb748c25029023b3082f62;p=friendica.git
diff --git a/mod/search.php b/mod/search.php
index d4cd9d9676..320ffddcef 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -110,18 +110,19 @@ function search_content(&$a) {
 if (get_config('system','use_fulltext_engine')) {
 if($tag)
- $sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.preg_quote($search));
+ $sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.dbesc(protect_sprintf($search)));
 else
- $sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(preg_quote($search)));
+ $sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(protect_sprintf($search)));
 } else {
 if($tag)
- $sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", dbesc('\\]' . preg_quote($search) . '\\['));
+ $sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", dbesc('\\]' . protect_sprintf(preg_quote($search)) . '\\['));
 else
- $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(preg_quote($search)));
+ $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search))));
 }
+
 // Here is the way permissions work in the search module...
 // Only public posts can be shown
 // OR your own posts if you are a logged in member
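Review bot: In the two fulltext-engine branches (the first two `+` lines) the term is placed between literal double quotes for a boolean-mode MATCH ... AGAINST, but nothing removes a `"` from the term itself; dbesc only makes the quote safe inside the SQL string literal, so a term containing `"` closes the phrase early and whatever follows is interpreted by the fulltext parser as boolean-mode syntax rather than as part of the phrase. Dropping the quote before wrapping is enough: `$term = str_replace('"', '', $search);` and then `'#'.dbesc(protect_sprintf($term))` and `dbesc(protect_sprintf($term))` in those two lines. The swap from preg_quote to protect_sprintf is not explained in the hunk; since `$sql_extra` is presumably spliced into a larger query that q() runs through printf-style formatting, a comment above the outer `if` such as `// protect_sprintf(): $sql_extra is later embedded in a q() format string, so a literal '%' in the term must be doubled` would record the reason. search_content() begins before this hunk.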
@@ -145,7 +146,7 @@ function search_content(&$a) {
 }
 $r = q("SELECT distinct(`item`.`uri`), `item`.*, `item`.`id` AS `item_id`,
- `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
+ `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`,
 `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
 `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`, `user`.`nickname`