- Timestamp:
- 2014-02-21T18:46:01+13:00 (10 years ago)
- File:
-
- 1 edited
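--- a/main/trunk/greenstone2/runtime-src/src/recpt/querytools.cpp
+++ b/main/trunk/greenstone2/runtime-src/src/recpt/querytools.cpp
@@ -25,4 +25,5 @@
 
 #include "querytools.h"
+#include "cgiutils.h"
 #include <ctype.h>
 #include "unitool.h" // for is_unicode_letdig
@@ -343,6 +344,12 @@
 // This function removes boolean operators from simple searches, and segments
 // chinese characters if segment=true
+// Called by several parse_..._form methods here, this function decodes &
+// to undo the URL encoding done in cgiutils.cpp for security purposes
 void format_querystring (text_t &querystring, int querymode, bool segment) {
 text_t formattedstring;
+
+// & has meaning in boolean searches and can be %26 encoded at this point, need to decode them now.
+// Also decode any " here, so that the entire search phrase is highlighted and not just the final word
+unsafe_cgi_arg("ALL", querystring);
 
 // advanced search, no segmenting, don't need to do anything
@@ -449,5 +456,4 @@
 }
 
-
 if (arg_ct == "2") { // lucene
 // look for AND OR NOT and remove
@@ -579,4 +585,9 @@
 
 
+// The following parse_..._form functions first decode various fields for
+// both simple and advanced searches to undo the URL encoding.
+// E.g. quotes have meaning in phrase searches and these have to be decoded
+// before sending the search off to the index.
+
 // some query form parsing functions for use with mgpp & lucene
 
@@ -599,4 +610,5 @@
 text_t field = args["fqf"];
 if (field.empty()) return; // no query
+unsafe_cgi_arg("ALL", field);
 text_tarray fields;
 splitchar(field.begin(), field.end(), ',', fields);
@@ -604,4 +616,5 @@
 text_t value = args["fqv"];
 if (value.empty()) return; // somethings wrong
+unsafe_cgi_arg("ALL", value);
 text_tarray values;
 splitchar(value.begin(), value.end(), ',', values);
@@ -651,4 +664,5 @@
 text_t field = args["fqf"];
 if (field.empty()) return; // no query
+unsafe_cgi_arg("ALL", field);
 text_tarray fields;
 splitchar(field.begin(), field.end(), ',', fields);
@@ -656,4 +670,5 @@
 text_t value = args["fqv"];
 if (value.empty()) return; // somethings wrong
+unsafe_cgi_arg("ALL", value);
 text_tarray values;
 splitchar(value.begin(), value.end(), ',', values);
@@ -661,4 +676,5 @@
 text_t comb = args["fqc"];
 if (comb.empty()) return; //somethings wrong
+//unsafe_cgi_arg("ALL", comb);
 text_tarray combs;
 splitchar(comb.begin(), comb.end(), ',', combs);
@@ -734,4 +750,5 @@
 text_t field = args["sqlfqf"];
 if (field.empty()) return; // no query
+unsafe_cgi_arg("ALL", field); // for the slash. //unsafe_cgi_arg("/", field);
 text_tarray fields;
 splitchar(field.begin(), field.end(), ',', fields);
@@ -739,4 +756,5 @@
 text_t sqlcomb = args["sqlfqc"];
 if (sqlcomb.empty()) return; //somethings wrong
+//unsafe_cgi_arg("ALL", sqlcomb);
 text_tarray sqlcombs;
 splitchar(sqlcomb.begin(), sqlcomb.end(), ',', sqlcombs);
@@ -744,4 +762,5 @@
 text_t value = args["fqv"];
 if (value.empty()) return; // somethings wrong
+unsafe_cgi_arg("ALL", value);
 text_tarray values;
 splitchar(value.begin(), value.end(), ',', values);
@@ -808,4 +827,6 @@
 
 if (field.empty()) return; // no query
+// need to decode %2F to / in the URL, e.g. to get dc.Title/Title/ex.Title again in the fields to search in
+unsafe_cgi_arg("ALL", field); //unsafe_cgi_arg("/", field);
 text_tarray fields;
 splitchar(field.begin(), field.end(), ',', fields);
@@ -813,4 +834,5 @@
 text_t sqlcomb = args["sqlfqc"];
 if (sqlcomb.empty()) return; //somethings wrong
+//unsafe_cgi_arg("ALL", sqlcomb);
 text_tarray sqlcombs;
 splitchar(sqlcomb.begin(), sqlcomb.end(), ',', sqlcombs);
@@ -818,4 +840,5 @@
 text_t value = args["fqv"];
 if (value.empty()) return; // somethings wrong
+unsafe_cgi_arg("ALL", value); // decode all url-encoded parts of the values to search in
 text_tarray values;
 splitchar(value.begin(), value.end(), ',', values);
@@ -823,4 +846,5 @@
 text_t comb = args["fqc"];
 if (comb.empty()) return; //somethings wrong
+//unsafe_cgi_arg("ALL", comb);
 text_tarray combs;
 splitchar(comb.begin(), comb.end(), ',', combs);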
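Review bot: The SQL form field at new lines 752 and 830 is decoded with `unsafe_cgi_arg("ALL", field)` although the adjacent comments say only the slash (%2F) has to be restored, so quotes and every other character that cgiutils.cpp encoded for security purposes come back in `args["sqlfqf"]` as well. Unless the code that later consumes `fields` (outside the visible hunks) escapes or whitelists the names, the narrower call already left there as a comment, `unsafe_cgi_arg("/", field);`, looks like the safer choice for those two places. Separately, `format_querystring` now decodes its argument at new line 353 and, per its new header comment, is called by the parse_..._form functions that have already decoded `value`; if the same string passes through both, doubly-encoded input is decoded twice, so decoding in one place only (and noting in a comment which layer owns it) would be easier to reason about. The function bodies continue outside the hunks, so the downstream use of the decoded strings should be confirmed against the full file.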