Changeset 28841 for main/trunk/greenstone2/runtime-src/src/recpt/sqlqueryaction.cpp

Timestamp:

2014-02-21T18:46:01+13:00 (10 years ago)

Author:

ak19

Message:

Fixing up URL encoding of cgi args so that phrase searching works again. Tested MGPP, Lucene and SQLite searching. Tested simple search, fielded search, advanced single field and multi-field as well as running a query.

File:

• main/trunk/greenstone2/runtime-src/src/recpt/sqlqueryaction.cpp (modified) (2 diffs)

main/trunk/greenstone2/runtime-src/src/recpt/sqlqueryaction.cpp

@@ -260 +260 @@
                           ostream& logout) 
 {
+  // A great many characters have meanings in SQL queries, including > and %, 
+  // where % stands for a multi-char wildcard 
+  // http://docs.oracle.com/cd/B10501_01/text.920/a96518/cqspcl.htm
+  // Further, Greenstone's Advanced SQLite Search allows <, >, %, ' (rounded brackets and more) 
+  // So it's best to url-decode all encoded cgi-args 
+  // We do so here if normal text search or explicit query, and in the
+  // parse_sql_query_form functions if dealing with forms.
+
   if (args["qt"]=="0" && args["sqlqto"] != "1") { // normal text search
+    unsafe_cgi_arg("ALL", args["q"]);
     formattedstring = "SELECT DISTINCT docOID FROM document_metadata WHERE " + args["q"];    
   }
@@ -267 +276 @@
     if (args["b"]=="1" && args["fqa"]=="1") { // explicit query
       formattedstring = args["q"];
+      unsafe_cgi_arg("ALL", formattedstring);
     }
     else { // form search