* Pass search parameters using an associative array instead of $_GET. * Add a boolean parameter to enable and disable headers/footers.
Signed-off-by: Lukas Fleischer <[email protected]> --- web/html/packages.php | 4 +- web/lib/pkgfuncs.inc.php | 130 +++++++++++++----------------------- web/template/pkg_search_results.php | 8 ++- 3 files changed, 55 insertions(+), 87 deletions(-) diff --git a/web/html/packages.php b/web/html/packages.php index 8fd3266..ec6fc75 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -99,9 +99,9 @@ if (isset($pkgid)) { $_GET['SO'] = 'd'; } if (isset($_COOKIE["AURSID"])) { - pkg_search_page($_COOKIE["AURSID"]); + pkg_search_page($_GET, true, $_COOKIE["AURSID"]); } else { - pkg_search_page(); + pkg_search_page($_GET, true); } } diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 8a5cf57..ee4ca52 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -642,53 +642,16 @@ function pkg_display_details($id=0, $row, $SID="") { } } -/* pkg_search_page(SID) - * outputs the body of search/search results page - * - * parameters: - * SID - current Session ID - * preconditions: - * package search page has been accessed - * request variables have not been sanitized - * - * request vars: - * O - starting result number - * PP - number of search hits per page - * K - package search string - * SO - search hit sort order: - * values: a - ascending - * d - descending - * SB - sort search hits by: - * values: n - package name - * v - number of votes - * m - maintainer username - * SeB- property that search string (K) represents - * values: n - package name - * nd - package name & description - * b - package base name - * N - package name (exact match) - * B - package base name (exact match) - * k - package keyword(s) - * m - package maintainer's username - * c - package co-maintainer's username - * s - package submitter's username - * do_Orphans - boolean. whether to search packages - * without a maintainer - * - * - * These two are actually handled in packages.php. - * - * IDs- integer array of ticked packages' IDs - * action - action to be taken on ticked packages - * values: do_Flag - Flag out-of-date - * do_UnFlag - Remove out-of-date flag - * do_Adopt - Adopt - * do_Disown - Disown - * do_Delete - Delete - * do_Notify - Enable notification - * do_UnNotify - Disable notification +/** + * Output the body of the search results page + * + * @param array $params Search parameters + * @param bool $show_headers True if statistics should be included + * @param string $SID The session ID of the visitor + * + * @return void */ -function pkg_search_page($SID="") { +function pkg_search_page($params, $show_headers=true, $SID="") { $dbh = DB::connect(); /* @@ -699,16 +662,16 @@ function pkg_search_page($SID="") { $myuid = uid_from_sid($SID); /* Sanitize paging variables. */ - if (isset($_GET['O'])) { - $_GET['O'] = max(intval($_GET['O']), 0); + if (isset($params['O'])) { + $params['O'] = max(intval($params['O']), 0); } else { - $_GET['O'] = 0; + $params['O'] = 0; } - if (isset($_GET["PP"])) { - $_GET["PP"] = bound(intval($_GET["PP"]), 50, 250); + if (isset($params["PP"])) { + $params["PP"] = bound(intval($params["PP"]), 50, 250); } else { - $_GET["PP"] = 50; + $params["PP"] = 50; } /* @@ -742,67 +705,67 @@ function pkg_search_page($SID="") { $q_where = 'WHERE PackageBases.PackagerUID IS NOT NULL '; - if (isset($_GET['K'])) { - if (isset($_GET["SeB"]) && $_GET["SeB"] == "m") { + if (isset($params['K'])) { + if (isset($params["SeB"]) && $params["SeB"] == "m") { /* Search by maintainer. */ - $q_where .= "AND Users.Username = " . $dbh->quote($_GET['K']) . " "; + $q_where .= "AND Users.Username = " . $dbh->quote($params['K']) . " "; } - elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "c") { + elseif (isset($params["SeB"]) && $params["SeB"] == "c") { /* Search by co-maintainer. */ $q_where .= "AND EXISTS (SELECT * FROM PackageComaintainers "; $q_where .= "INNER JOIN Users ON Users.ID = PackageComaintainers.UsersID "; $q_where .= "WHERE PackageComaintainers.PackageBaseID = PackageBases.ID "; - $q_where .= "AND Users.Username = " . $dbh->quote($_GET['K']) . ")"; + $q_where .= "AND Users.Username = " . $dbh->quote($params['K']) . ")"; } - elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "s") { + elseif (isset($params["SeB"]) && $params["SeB"] == "s") { /* Search by submitter. */ - $q_where .= "AND SubmitterUID = " . intval(uid_from_username($_GET['K'])) . " "; + $q_where .= "AND SubmitterUID = " . intval(uid_from_username($params['K'])) . " "; } - elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "n") { + elseif (isset($params["SeB"]) && $params["SeB"] == "n") { /* Search by name. */ - $K = "%" . addcslashes($_GET['K'], '%_') . "%"; + $K = "%" . addcslashes($params['K'], '%_') . "%"; $q_where .= "AND (Packages.Name LIKE " . $dbh->quote($K) . ") "; } - elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "b") { + elseif (isset($params["SeB"]) && $params["SeB"] == "b") { /* Search by package base name. */ - $K = "%" . addcslashes($_GET['K'], '%_') . "%"; + $K = "%" . addcslashes($params['K'], '%_') . "%"; $q_where .= "AND (PackageBases.Name LIKE " . $dbh->quote($K) . ") "; } - elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "k") { + elseif (isset($params["SeB"]) && $params["SeB"] == "k") { /* Search by keywords. */ - $q_where .= construct_keyword_search($dbh, false); + $q_where .= construct_keyword_search($dbh, $params['K'], false); } - elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "N") { + elseif (isset($params["SeB"]) && $params["SeB"] == "N") { /* Search by name (exact match). */ - $q_where .= "AND (Packages.Name = " . $dbh->quote($_GET['K']) . ") "; + $q_where .= "AND (Packages.Name = " . $dbh->quote($params['K']) . ") "; } - elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "B") { + elseif (isset($params["SeB"]) && $params["SeB"] == "B") { /* Search by package base name (exact match). */ - $q_where .= "AND (PackageBases.Name = " . $dbh->quote($_GET['K']) . ") "; + $q_where .= "AND (PackageBases.Name = " . $dbh->quote($params['K']) . ") "; } else { /* Keyword search (default). */ - $q_where .= construct_keyword_search($dbh, true); + $q_where .= construct_keyword_search($dbh, $params['K'], true); } } - if (isset($_GET["do_Orphans"])) { + if (isset($params["do_Orphans"])) { $q_where .= "AND MaintainerUID IS NULL "; } - if (isset($_GET['outdated'])) { - if ($_GET['outdated'] == 'on') { + if (isset($params['outdated'])) { + if ($params['outdated'] == 'on') { $q_where .= "AND OutOfDateTS IS NOT NULL "; } - elseif ($_GET['outdated'] == 'off') { + elseif ($params['outdated'] == 'off') { $q_where .= "AND OutOfDateTS IS NULL "; } } - $order = (isset($_GET["SO"]) && $_GET["SO"] == 'd') ? 'DESC' : 'ASC'; + $order = (isset($params["SO"]) && $params["SO"] == 'd') ? 'DESC' : 'ASC'; $q_sort = "ORDER BY "; - $sort_by = isset($_GET["SB"]) ? $_GET["SB"] : ''; + $sort_by = isset($params["SB"]) ? $params["SB"] : ''; switch ($sort_by) { case 'v': $q_sort .= "NumVotes " . $order . ", "; @@ -835,7 +798,7 @@ function pkg_search_page($SID="") { } $q_sort .= " Packages.Name " . $order . " "; - $q_limit = "LIMIT ".$_GET["PP"]." OFFSET ".$_GET["O"]; + $q_limit = "LIMIT ".$params["PP"]." OFFSET ".$params["O"]; $q = $q_select . $q_from . $q_from_extra . $q_where . $q_sort . $q_limit; $q_total = "SELECT COUNT(*) " . $q_from . $q_where; @@ -851,7 +814,7 @@ function pkg_search_page($SID="") { } if ($result && $total > 0) { - if (isset($_GET["SO"]) && $_GET["SO"] == "d"){ + if (isset($params["SO"]) && $params["SO"] == "d"){ $SO_next = "a"; } else { @@ -860,10 +823,10 @@ function pkg_search_page($SID="") { } /* Calculate the results to use. */ - $first = $_GET['O'] + 1; + $first = $params['O'] + 1; /* Calculation of pagination links. */ - $per_page = ($_GET['PP'] > 0) ? $_GET['PP'] : 50; + $per_page = ($params['PP'] > 0) ? $params['PP'] : 50; $current = ceil($first / $per_page); $pages = ceil($total / $per_page); $templ_pages = array(); @@ -904,17 +867,18 @@ function pkg_search_page($SID="") { * Construct the WHERE part of the sophisticated keyword search * * @param handle $dbh Database handle - * @param boolean $namedesc Search name and description fields + * @param string $keywords The search term + * @param bool $namedesc Search name and description fields * * @return string WHERE part of the SQL clause */ -function construct_keyword_search($dbh, $namedesc) { +function construct_keyword_search($dbh, $keywords, $namedesc) { $count = 0; $where_part = ""; $q_keywords = ""; $op = ""; - foreach (str_getcsv($_GET['K'], ' ') as $term) { + foreach (str_getcsv($keywords, ' ') as $term) { if ($term == "") { continue; } diff --git a/web/template/pkg_search_results.php b/web/template/pkg_search_results.php index 37a9032..7b6b00a 100644 --- a/web/template/pkg_search_results.php +++ b/web/template/pkg_search_results.php @@ -5,6 +5,7 @@ if (!$result): ?> <div class="box"><p><?= __("No packages matched your search criteria.") ?></p></div> <?php else: ?> <div id="pkglist-results" class="box"> + <?php if ($show_headers): ?> <div class="pkglist-stats"> <p> <?= _n('%d package found.', '%d packages found.', $total) ?> @@ -24,12 +25,13 @@ if (!$result): ?> </p> <?php endif; ?> </div> + <?php endif; ?> <form id="pkglist-results-form" method="post" action="<?= get_uri('/pkgbase/'); ?>?<?= htmlentities($_SERVER['QUERY_STRING']) ?>"> <table class="results"> <thead> <tr> - <?php if ($SID): ?> + <?php if ($SID && $show_headers): ?> <th> </th> <?php endif; ?> <th><a href="?<?= mkurl('SB=n&SO=' . $SO_next) ?>"><?= __("Name") ?></a></th> @@ -48,7 +50,7 @@ if (!$result): ?> <?php while (list($indx, $row) = each($searchresults)): ?> <tr class="<?= ($indx % 2 == 0) ? 'odd' : 'even' ?>"> - <?php if ($SID): ?> + <?php if ($SID && $show_headers): ?> <td><input type="checkbox" name="IDs[<?= $row["PackageBaseID"] ?>]" value="1" /></td> <?php endif; ?> <td><a href="<?= htmlspecialchars(get_pkg_uri($row["Name"]), ENT_QUOTES); ?>"><?= htmlspecialchars($row["Name"]) ?></a></td> @@ -85,6 +87,7 @@ if (!$result): ?> </tbody> </table> + <?php if ($show_headers): ?> <div class="pkglist-stats"> <p> <?= _n('%d package found.', '%d packages found.', $total) ?> @@ -127,6 +130,7 @@ if (!$result): ?> <input type="submit" class="button" style="width: 80px" value="<?= __("Go") ?>" /> </p> <?php endif; # if ($SID) ?> + <?php endif; ?> </form> </div> <?php endif; # search was successful and returned multiple results ?> -- 2.11.1
