[feladat @ 109]
Fixed ticket:7 (allow regular expression in zone and record search).
--- a/inc/dns.inc.php Thu Jan 03 21:52:57 2008 +0000
+++ b/inc/dns.inc.php Thu Jan 03 22:30:40 2008 +0000
@@ -518,9 +518,14 @@
return preg_match('!^(http://)(([A-Z\d]|[A-Z\d][A-Z\d-]*[A-Z\d])\.)*[A-Z\d]+([//]([0-9a-z//~#%&\'_\-+=:?.]*))?$!i', $url);
}
- /****************************************
- * *
- * END OF RECORD VALIDATING PART. *
- * *
- ***************************************/
+function is_valid_search($holygrail)
+{
+ // Only allow for alphanumeric, numeric, dot, dash, underscore and
+ // percent in search string. The last two are wildcards for SQL.
+ // Needs extension probably for more usual record types.
+
+ return preg_match('/^[a-z0-9.\-%_]+$/i', $holygrail);
+}
+
+
?>
--- a/inc/record.inc.php Thu Jan 03 21:52:57 2008 +0000
+++ b/inc/record.inc.php Thu Jan 03 22:30:40 2008 +0000
@@ -1276,97 +1276,63 @@
{
global $db;
$question = trim($question);
- if (empty($question))
+
+ if (is_valid_search($question))
{
- $S_INPUT_TYPE = -1;
+ $sqlq = "SELECT *
+ FROM records
+ WHERE content LIKE '".$question."'
+ OR name LIKE '".$question."'
+ ORDER BY type DESC";
+ echo " $sqlq ";
+ $result = $db->query($sqlq);
+ $ret_r = array();
+ while ($r = $result->fetchRow())
+ {
+ if(xs($r['domain_id']))
+ {
+ $ret_r[] = array(
+ 'id' => $r['id'],
+ 'domain_id' => $r['domain_id'],
+ 'name' => $r['name'],
+ 'type' => $r['type'],
+ 'content' => $r['content'],
+ 'ttl' => $r['ttl'],
+ 'prio' => $r['prio'],
+ 'change_date' => $r['change_date']
+ );
+ }
+ }
+
+ $sqlq = "SELECT domains.id, domains.name, count(records.id) AS numrec, zones.owner, records.domain_id
+ FROM domains, records, zones
+ WHERE domains.id = records.domain_id
+ AND zones.domain_id = domains.id
+ AND domains.name LIKE '".$question."'
+ GROUP BY domains.id, domains.name, zones.owner, records.domain_id";
+
+ echo "<br> $sqlq ";
+ $result = $db->query($sqlq);
+ $ret_d = array();
+ while ($r = $result->fetchRow())
+ {
+ if(xs($r['domain_id']))
+ {
+ $ret_d[] = array(
+ 'id' => $r['id'],
+ 'name' => $r['name'],
+ 'numrec' => $r['numrec'],
+ 'owner' => $r['owner']
+ );
+ }
+ }
+ return array('domains' => $ret_d, 'records' => $ret_r);
+ }
+ else
+ {
+ error(sprintf(ERR_INV_ARGC, "search_record", "Invalid searchstring: $question"));
}
- /* now for some input-type searching */
- if (is_valid_ip($question) || is_valid_ip6($question))
- {
- $S_INPUT_TYPE = 0;
- }
- elseif(is_valid_domain($question) ||
- is_valid_hostname($question) ||
- is_valid_mboxfw($question)) // I guess this one can appear in records table too (content?!)
- {
- $S_INPUT_TYPE = 1;
- }
- else
- {
- $S_INPUT_TYPE = -1;
- }
- switch($S_INPUT_TYPE)
- {
- case '0':
- $sqlq = "SELECT * FROM records WHERE content = '".$question."' ORDER BY type DESC";
- $result = $db->query($sqlq);
- $ret_r = array();
- while ($r = $result->fetchRow())
- {
- if(xs($r['domain_id']))
- {
- $ret_r[] = array(
- 'id' => $r['id'],
- 'domain_id' => $r['domain_id'],
- 'name' => $r['name'],
- 'type' => $r['type'],
- 'content' => $r['content'],
- 'ttl' => $r['ttl'],
- 'prio' => $r['prio'],
- 'change_date' => $r['change_date']
- );
- }
- }
- break;
-
- case '1' :
- $sqlq = "SELECT domains.id, domains.name, count(records.id) AS numrec, zones.owner, records.domain_id
- FROM domains, records, zones
- WHERE domains.id = records.domain_id
- AND zones.domain_id = domains.id
- AND domains.name = '".$question."'
- GROUP BY domains.id, domains.name, zones.owner, records.domain_id";
-
- $result = $db->query($sqlq);
- $ret_d = array();
- while ($r = $result->fetchRow())
- {
- if(xs($r['domain_id']))
- {
- $ret_d[] = array(
- 'id' => $r['id'],
- 'name' => $r['name'],
- 'numrec' => $r['numrec'],
- 'owner' => $r['owner']
- );
- }
- }
-
- $sqlq = "SELECT * FROM records WHERE name = '".$question."' OR content = '".$question."' ORDER BY type DESC";
- $result = $db->query($sqlq);
- while ($r = $result->fetchRow())
- {
- if(xs($r['domain_id']))
- {
- $ret_r[] = array(
- 'id' => $r['id'],
- 'domain_id' => $r['domain_id'],
- 'name' => $r['name'],
- 'type' => $r['type'],
- 'content' => $r['content'],
- 'ttl' => $r['ttl'],
- 'prio' => $r['prio'],
- );
- }
- }
- break;
- }
- if($S_INPUT_TYPE == 1)
- {
- return array('domains' => $ret_d, 'records' => $ret_r);
- }
- return array('records' => $ret_r);
}
function get_domain_type($id)
Binary file locale/nl_NL/LC_MESSAGES/messages.mo has changed
--- a/locale/nl_NL/LC_MESSAGES/nl.po Thu Jan 03 21:52:57 2008 +0000
+++ b/locale/nl_NL/LC_MESSAGES/nl.po Thu Jan 03 22:30:40 2008 +0000
@@ -472,7 +472,7 @@
#: search.php:151
msgid "Nothing found for query"
-msgstr "Niets gevonden voor deze zoekopdracht"
+msgstr "Niets gevonden voor zoekopdracht"
#: test_setup.php:58
msgid "Not all tables are ok!"
--- a/search.php Thu Jan 03 21:52:57 2008 +0000
+++ b/search.php Thu Jan 03 22:30:40 2008 +0000
@@ -100,11 +100,6 @@
<?php
} // end if
-
-
-
-
-
// any records ?!
if(count($search_result['records']))
{
@@ -166,7 +161,7 @@
<table border="0" cellspacing="4">
<tr>
<td width="510" class="n">
- <? echo _('Nothing found for query'); ?> "<? echo $_POST['q']?>"
+ <? echo _('Nothing found for query'); ?> "<? echo $_POST['q']?>".
</td>
</tr>
</table>