version 1.299, 2008/08/27 19:50:46
|
version 1.300, 2008/10/16 22:58:15
|
Line 1394 sub parse_advanced_search {
|
Line 1394 sub parse_advanced_search {
|
'lastrevisiondatestart_month','lastrevisiondatestart_day', |
'lastrevisiondatestart_month','lastrevisiondatestart_day', |
'lastrevisiondatestart_year','lastrevisiondateend_month', |
'lastrevisiondatestart_year','lastrevisiondateend_month', |
'lastrevisiondateend_day','lastrevisiondateend_year') { |
'lastrevisiondateend_day','lastrevisiondateend_year') { |
$env{'form.'.$field}=~s/[^\w\/\s\(\)\=\-\"\'.]//g; |
$env{'form.'.$field}=~s/[^\w\/\s\(\)\=\-\"\'.\*]//g; |
} |
} |
foreach ('mode','form','element') { |
foreach ('mode','form','element') { |
# is this required? Hmmm. |
# is this required? Hmmm. |
Line 1639 sub parse_advanced_search {
|
Line 1639 sub parse_advanced_search {
|
# |
# |
if (@queries) { |
if (@queries) { |
if ($env{'form.area'} eq 'portfolio') { |
if ($env{'form.area'} eq 'portfolio') { |
$query ="SELECT pm.*,pa.keynum,pa.scope FROM portfolio_metadata pm, portfolio_access pa, portfolio_addedfields pf WHERE (pm.url = pa.url AND pf.url = pm.url AND (pa.start < NOW() AND (pa.end IS NULL OR pa.end > NOW())) AND (".join(') AND (',@queries).'))'; |
$query ="SELECT pm.*,pa.keynum,pa.scope FROM portfolio_metadata pm, portfolio_access pa, portfolio_addedfields pf WHERE (pm.url = pa.url AND pf.url = pm.url AND (pa.start < UTC_TIMESTAMP() AND (pa.end IS NULL OR pa.end > UTC_TIMESTAMP())) AND (".join(') AND (',@queries).'))'; |
} else { |
} else { |
$query="SELECT * FROM metadata WHERE (".join(") AND (",@queries).')'; |
$query="SELECT * FROM metadata WHERE (".join(") AND (",@queries).')'; |
} |
} |
Line 1702 sub parse_basic_search {
|
Line 1702 sub parse_basic_search {
|
# |
# |
# Clean up fields for safety |
# Clean up fields for safety |
for my $field ('basicexp') { |
for my $field ('basicexp') { |
$env{"form.$field"}=~s/[^\w\s\'\"\!\(\)\-]//g; |
$env{"form.$field"}=~s/[^\w\s\'\"\!\(\)\-\*]//g; |
} |
} |
foreach ('mode','form','element') { |
foreach ('mode','form','element') { |
# is this required? Hmmm. |
# is this required? Hmmm. |
Line 1741 sub parse_basic_search {
|
Line 1741 sub parse_basic_search {
|
#} |
#} |
my $final_query; |
my $final_query; |
if ($env{'form.area'} eq 'portfolio') { |
if ($env{'form.area'} eq 'portfolio') { |
$final_query = 'SELECT pm.*,pa.keynum,pa.scope FROM portfolio_metadata pm, portfolio_access pa WHERE (pm.url = pa.url AND (pa.start < NOW() AND (pa.end IS NULL OR pa.end > NOW())) AND '.join(" AND ",@Queries).')'; |
$final_query = 'SELECT pm.*,pa.keynum,pa.scope FROM portfolio_metadata pm, portfolio_access pa WHERE (pm.url = pa.url AND (pa.start < UTC_TIMESTAMP() AND (pa.end IS NULL OR pa.end > UTC_TIMESTAMP())) AND '.join(" AND ",@Queries).')'; |
} else { |
} else { |
$final_query = 'SELECT * FROM metadata WHERE '.join(" AND ",@Queries); |
$final_query = 'SELECT * FROM metadata WHERE '.join(" AND ",@Queries); |
} |
} |