experimental "filters" in mod ?/search

2012-02-12 22:45:48 +11:00 · 2012-02-12 22:45:48 +11:00 · 10d6884ab3
commit 10d6884ab3
parent ae76ddb079
1 changed files with 26 additions and 1 deletions
--- a/mod.php
+++ b/mod.php
@ -990,7 +990,7 @@
 			$body = '<div class="ban"><h2>Search</h2><form style="display:inline" action="?/search" method="post">' .
 				'<p><label style="display:inline" for="search">Phrase:</label> ' .
 					'<input id="search" name="search" type="text" size="35" ' .
-						(isset($_POST['search']) ? 'value="' . utf8tohtml($_POST['search']) . '" ' : '') .
+						(isset($_POST['search']) ? 'value="' . str_replace('"', '&quot;', utf8tohtml($_POST['search'])) . '" ' : '') .
 					'/>' .
 					'<input type="submit" value="Search" />' .
 				'</p></form>' .
@ -1001,6 +1001,25 @@
 				$phrase = &$_POST['search'];
 				$_body = '';
 				$filters = Array();
 				function search_filters($m) {
 					global $filters;
 					$name = $m[2];
 					$value = isset($m[4]) ? $m[4] : $m[3];
 					if(!in_array($name, Array('id', 'thread', 'subject', 'email', 'name', 'trip', 'capcode', 'filename', 'filehash', 'ip'))) {
 						// unknown filter
 						return $m[0];
 					}
 					$filters[$name] = $value;
 					return $m[1];
 				}
 				$phrase = trim(preg_replace_callback('/(^|\s)(\w+):("(.*)?"|[^\s]*)/', 'search_filters', $phrase));
 				// Escape escape character
 				$phrase = str_replace('!', '!!', $phrase);
@ -1036,8 +1055,14 @@
 					$like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\'';
 				}
 				foreach($filters as $name => $value) {
 					$like .= ' AND `' . $name . '` = '. $pdo->quote($value);
 				}
 				$like = str_replace('%', '%%', $like);
 				// die(var_dump($like));
 				$boards = listBoards();
 				foreach($boards as &$_b) {
 					openBoard($_b['uri']);