From d967a1fa14237648fc63c44f6a28c9c077b3e1bc Mon Sep 17 00:00:00 2001
From: tcit
Date: Wed, 2 Apr 2014 17:44:47 +0200
Subject: Important fixes for search engine (thx @mariroz)

So sorry for the mess... :(

* search only in users' own articles
* sanitized what is searched
* display what is searched
* pagination, sorting available when searching
* use existing function to query db
* bad encoding caracters fixed
* link to JQuery into default theme, no longer in each theme
* some spaces instead of tabs
---
 inc/poche/Database.class.php | 13 +++++++------
 inc/poche/Poche.class.php | 18 ++++++++++++------
 2 files changed, 19 insertions(+), 12 deletions(-)
(limited to 'inc/poche')
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php
index 6f5c9ac0..2257f281 100755
--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -389,12 +389,13 @@ class Database {
 return $this->getHandle()->lastInsertId($column);
 }
- public function search($term){
- $search = '%'.$term.'%';
- $query = $this->getHandle()->prepare("SELECT * FROM entries WHERE content LIKE ? OR title LIKE ? OR url LIKE ?"); //searches in content, title and URL
- $query->execute(array($search,$search,$search));
- $entries = $query->fetchAll();
- return $entries;
+ public function search($term,$id,$limit = ''){
+ $search = '%'.$term.'%';
+ $sql_action = ("SELECT * FROM entries WHERE user_id=? AND (content LIKE ? OR title LIKE ? OR url LIKE ?) "); //searches in content, title and URL
+ $sql_action .= $this->getEntriesOrder().' ' . $limit;
+ $params_action = array($id,$search,$search,$search);
+ $query = $this->executeQuery($sql_action, $params_action);
+ return $query->fetchAll();
 }
 public function retrieveAllTags($user_id, $term = null) {
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 7d9faed1..42a2dd9a 100755
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
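Review bot: The new `$limit` parameter of `search()` is concatenated straight into the SQL text (`$sql_action .= $this->getEntriesOrder().' ' . $limit;`) while every other value goes through the bound `$params_action`, and nothing in the hunk constrains it to a server-built `LIMIT` clause, so a future caller that derives it from request data would reintroduce exactly the injection the parameterisation avoids. The only visible caller passes two arguments, so it is unused for now; either validate it as integer count/offset values before appending, or pin the contract with a comment such as `// $limit must be a trusted, server-built LIMIT clause, never request data`. The LIKE wildcards in `$term` (`%`, `_`) are not escaped, so a term of `%` matches every entry of the user; harmless given the `user_id=?` filter, but worth stating in the same comment. The parameter is named `$id` while the sibling `retrieveAllTags($user_id, ...)` uses `$user_id`; `public function search($term, $user_id, $limit = '')` would make the per-user scoping explicit, and the parentheses around the SQL string literal can be dropped. The enclosing `Database` class continues outside the hunk.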
@@ -604,12 +604,18 @@ class Poche
 );
 break;
- case 'search':
- if (isset($_GET['search'])){
- $search = $_GET['search'];
- $tpl_vars['entries'] = $this->store->search($search);
- $tpl_vars['nb_results'] = count($tpl_vars['entries']);
- }
+ case 'search':
+ if (isset($_GET['search'])){
+ $search = filter_var($_GET['search'], FILTER_SANITIZE_STRING);
+ $tpl_vars['entries'] = $this->store->search($search,$this->user->getId());
+ $count = count($tpl_vars['entries']);
+ $this->pagination->set_total($count);
+ $page_links = str_replace(array('previous', 'next'), array(_('previous'), _('next')),
+ $this->pagination->page_links('?view=' . $view . '?search=' . $search . '&sort=' . $_SESSION['sort'] . '&' ));
+ $tpl_vars['page_links'] = $page_links;
+ $tpl_vars['nb_results'] = $count;
+ $tpl_vars['search_term'] = $search;
+ }
 break;
 case 'view':
 $entry = $this->store->retrieveOneById($id, $this->user->getId());
-- cgit v1.2.3
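Review bot: The pagination URL built on the `page_links` line is malformed: `'?view=' . $view . '?search=' . $search` uses a second `?`, so on the next request `search` is swallowed into the `view` value instead of arriving as its own parameter, and `$search` is not URL-encoded, so a term containing `&`, `#` or a space splits or truncates the link; the line should read `$this->pagination->page_links('?view=' . $view . '&search=' . urlencode($search) . '&sort=' . $_SESSION['sort'] . '&')`. `set_total($count)` is called but `search()` is invoked without its third `$limit` argument, so every page appears to receive the full result set and the links only change the page number; passing the pagination's limit clause through would make the paging real (inferred, since the pagination class is not in view). `FILTER_SANITIZE_STRING` rewrites the term (strips tags, entity-encodes quotes) before it is both queried and echoed as `search_term`, so a search for a title containing an apostrophe no longer matches the stored text; because the query is parameterised, the raw value can be queried and escaped at output instead (the filter is also deprecated since PHP 8.1). The enclosing method and its `switch` start and end outside the hunk.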