[feladat @ 109]
authorrejo
Thu, 03 Jan 2008 22:30:40 +0000 (2008-01-03)
changeset 62 ce4919f37489
parent 61 d015f5c9b308
child 63 d76966db18e5
[feladat @ 109] Fixed ticket:7 (allow regular expression in zone and record search).
inc/dns.inc.php
inc/record.inc.php
locale/nl_NL/LC_MESSAGES/messages.mo
locale/nl_NL/LC_MESSAGES/nl.po
search.php
--- a/inc/dns.inc.php	Thu Jan 03 21:52:57 2008 +0000
+++ b/inc/dns.inc.php	Thu Jan 03 22:30:40 2008 +0000
@@ -518,9 +518,14 @@
 	return preg_match('!^(http://)(([A-Z\d]|[A-Z\d][A-Z\d-]*[A-Z\d])\.)*[A-Z\d]+([//]([0-9a-z//~#%&\'_\-+=:?.]*))?$!i',  $url);
 }
 
-		/****************************************
-		 *					*
-		 *    END OF RECORD VALIDATING PART.	*
-		 *					*
-		 ***************************************/
+function is_valid_search($holygrail)
+{
+	// Only allow for alphanumeric, numeric, dot, dash, underscore and 
+	// percent in search string. The last two are wildcards for SQL.
+	// Needs extension probably for more usual record types.
+
+	return preg_match('/^[a-z0-9.\-%_]+$/i', $holygrail);
+}
+
+
 ?>
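Review bot: The pattern in `is_valid_search` ends in `$`, which in PCRE also matches just before a trailing newline, and this helper is the only filter applied before the value is concatenated into the LIKE queries in inc/record.inc.php. Anchoring the end with `\z` makes the allowlist exact: `return preg_match('/^[a-z0-9.\-%_]+\z/i', $holygrail);`. The visible caller trims the input first, so this hardens the helper for other callers rather than closing a bypass shown in this diff. The comment above the return should also state that quotes and backslashes are excluded on purpose because the result is used unescaped in SQL, and that a string consisting only of `%` matches every row.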
--- a/inc/record.inc.php	Thu Jan 03 21:52:57 2008 +0000
+++ b/inc/record.inc.php	Thu Jan 03 22:30:40 2008 +0000
@@ -1276,97 +1276,63 @@
 {
 	global $db;
 	$question = trim($question);
-	if (empty($question)) 
+
+	if (is_valid_search($question))
 	{
-		$S_INPUT_TYPE = -1;
+		$sqlq = "SELECT * 
+				FROM records 
+				WHERE content LIKE '".$question."' 
+				OR name LIKE '".$question."' 
+				ORDER BY type DESC";
+		echo " $sqlq ";
+		$result = $db->query($sqlq);
+		$ret_r = array();
+		while ($r = $result->fetchRow())
+		{
+		    if(xs($r['domain_id']))
+		    {
+			$ret_r[] = array(
+			  'id'			=>	$r['id'],
+			  'domain_id'		=>	$r['domain_id'],
+			  'name'		=>	$r['name'],
+			  'type'		=>	$r['type'],
+			  'content'		=>	$r['content'],
+			  'ttl'			=>	$r['ttl'],
+			  'prio'		=>	$r['prio'],
+			  'change_date'		=>	$r['change_date']
+			);
+			}
+		}
+
+		$sqlq = "SELECT domains.id, domains.name, count(records.id) AS numrec, zones.owner, records.domain_id
+				FROM domains, records, zones  
+				WHERE domains.id = records.domain_id 
+				AND zones.domain_id = domains.id 
+				AND domains.name LIKE '".$question."' 
+				GROUP BY domains.id, domains.name, zones.owner, records.domain_id";
+
+		echo "<br> $sqlq ";
+		$result = $db->query($sqlq);
+		$ret_d = array();
+		while ($r = $result->fetchRow())
+		{
+		    if(xs($r['domain_id']))
+		    {
+			    $ret_d[] = array(
+				'id'			=>	$r['id'],
+				'name'		=>	$r['name'],
+				'numrec'		=>	$r['numrec'],
+				'owner'		=>	$r['owner']
+			);
+			}
+		}
+		return array('domains' => $ret_d, 'records' => $ret_r);
+	}
+	else
+	{
+		error(sprintf(ERR_INV_ARGC, "search_record", "Invalid searchstring: $question"));
 	}
 
-	/* now for some input-type searching */
-	if (is_valid_ip($question) || is_valid_ip6($question))
-	{
-		$S_INPUT_TYPE = 0;
-	}
-	elseif(is_valid_domain($question) || 
-		is_valid_hostname($question) ||
-		is_valid_mboxfw($question)) // I guess this one can appear in records table too (content?!)
-	{
-		$S_INPUT_TYPE = 1;
-	}	  
-	else 
-	{
-		$S_INPUT_TYPE = -1;
-	}
-	switch($S_INPUT_TYPE)
-	{
-		case '0': 
-			$sqlq = "SELECT * FROM records WHERE content = '".$question."' ORDER BY type DESC";
-			$result = $db->query($sqlq);
-			$ret_r = array();
-			while ($r = $result->fetchRow())
-			{
-			    if(xs($r['domain_id']))
-			    {
-    				$ret_r[] = array(
-    				  'id'			=>	$r['id'],
-    				  'domain_id'		=>	$r['domain_id'],
-    				  'name'		=>	$r['name'],
-    				  'type'		=>	$r['type'],
-    				  'content'		=>	$r['content'],
-    				  'ttl'			=>	$r['ttl'],
-    				  'prio'		=>	$r['prio'],
-    				  'change_date'		=>	$r['change_date']
-    				);
-				}
-			}
-			break;
-	    
-		case '1' :
-			$sqlq = "SELECT domains.id, domains.name, count(records.id) AS numrec, zones.owner, records.domain_id
-					FROM domains, records, zones  
-					WHERE domains.id = records.domain_id 
-					AND zones.domain_id = domains.id 
-					AND domains.name = '".$question."' 
-					GROUP BY domains.id, domains.name, zones.owner, records.domain_id";
-
-			$result = $db->query($sqlq);
-			$ret_d = array();
-			while ($r = $result->fetchRow())
-			{
-			    if(xs($r['domain_id']))
-			    {
-				    $ret_d[] = array(
-    					'id'			=>	$r['id'],
-    					'name'		=>	$r['name'],
-    					'numrec'		=>	$r['numrec'],
-    					'owner'		=>	$r['owner']
-    				);
-				}
-			}
-
-			$sqlq = "SELECT * FROM records WHERE name = '".$question."' OR content = '".$question."' ORDER BY type DESC";
-			$result = $db->query($sqlq);
-			while ($r = $result->fetchRow())
-			{
-			    if(xs($r['domain_id']))
-			    {
-    				$ret_r[] = array(
-    					'id'			=>	$r['id'],
-    					'domain_id'		=>	$r['domain_id'],
-    					'name'		=>	$r['name'],
-    					'type'		=>	$r['type'],
-    					'content'		=>	$r['content'],
-    					'ttl'			=>	$r['ttl'],
-    					'prio'		=>	$r['prio'],
-    				);
-    			}
-			}
-			break;
-	}
-	if($S_INPUT_TYPE == 1)
-	{
-		return array('domains' => $ret_d, 'records' => $ret_r);
-	}
-	return array('records' => $ret_r);
 }
 
 function get_domain_type($id)
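Review bot: The two added lines `echo " $sqlq ";` and `echo "<br> $sqlq ";` look like leftover debugging, and they print the full SQL text, including table and column names, into every search response; they should be removed before this ships. Both queries still build the LIKE clause by concatenating `$question`, so the regex in `is_valid_search` is the only protection; passing the value through the database layer's placeholder or quoting call would keep the query safe if that pattern is later widened, as its own comment anticipates. In the else branch, `$question` has just failed validation and is interpolated into the message given to `error()`, which needs HTML escaping if `error()` writes to the page (its body is not in this diff). That branch also has no `return`, so if `error()` returns, the caller in search.php would call `count($search_result['records'])` on null. The function's signature is above the hunk.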
Binary file locale/nl_NL/LC_MESSAGES/messages.mo has changed
--- a/locale/nl_NL/LC_MESSAGES/nl.po	Thu Jan 03 21:52:57 2008 +0000
+++ b/locale/nl_NL/LC_MESSAGES/nl.po	Thu Jan 03 22:30:40 2008 +0000
@@ -472,7 +472,7 @@
 
 #: search.php:151
 msgid "Nothing found for query"
-msgstr "Niets gevonden voor deze zoekopdracht"
+msgstr "Niets gevonden voor zoekopdracht"
 
 #: test_setup.php:58
 msgid "Not all tables are ok!"
--- a/search.php	Thu Jan 03 21:52:57 2008 +0000
+++ b/search.php	Thu Jan 03 22:30:40 2008 +0000
@@ -100,11 +100,6 @@
 	<?php
 	} // end if
 	
-
-
-
-
-	
 	// any records ?!
 	if(count($search_result['records']))
 	{
@@ -166,7 +161,7 @@
 		<table border="0" cellspacing="4">
 			<tr>
 				<td width="510" class="n">
-				<? echo _('Nothing found for query'); ?> "<? echo $_POST['q']?>"
+				<? echo _('Nothing found for query'); ?> "<? echo $_POST['q']?>".
 				</td>
 			</tr>
 		</table>
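Review bot: The changed line still writes `$_POST['q']` into the page without escaping, so any markup in the submitted query is rendered by the browser. Since this commit widens what the search box accepts and this "nothing found" branch is the likely landing place for rejected input, the line should escape the value: `<?php echo htmlspecialchars($_POST['q'], ENT_QUOTES, 'UTF-8'); ?>`. The short `<?` open tag also depends on `short_open_tag` being enabled, so `<?php` is the safer form here.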