- Timestamp:
- 2014-02-21T18:46:01+13:00 (10 years ago)
- File:
-
- 1 edited
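--- a/main/trunk/greenstone2/runtime-src/src/recpt/sqlqueryaction.cpp
+++ b/main/trunk/greenstone2/runtime-src/src/recpt/sqlqueryaction.cpp
@@ -260,5 +260,14 @@
 ostream& logout)
 {
+// A great many characters have meanings in SQL queries, including > and %,
+// where % stands for a multi-char wildcard
+// http://docs.oracle.com/cd/B10501_01/text.920/a96518/cqspcl.htm
+// Further, Greenstone's Advanced SQLite Search allows <, >, %, ' (rounded brackets and more)
+// So it's best to url-decode all encoded cgi-args
+// We do so here if normal text search or explicit query, and in the
+// parse_sql_query_form functions if dealing with forms.
+
 if (args["qt"]=="0" && args["sqlqto"] != "1") { // normal text search
+unsafe_cgi_arg("ALL", args["q"]);
 formattedstring = "SELECT DISTINCT docOID FROM document_metadata WHERE " + args["q"];
 }
@@ -267,4 +276,5 @@
 if (args["b"]=="1" && args["fqa"]=="1") { // explicit query
 formattedstring = args["q"];
+unsafe_cgi_arg("ALL", formattedstring);
 }
 else { // form search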
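Review bot: In both branches the URL-decoded `q` argument becomes SQL text as-is: the normal-search branch appends it after `WHERE`, and the explicit-query branch uses it as the whole statement. Decoding restores quotes, comparison operators and wildcards, so nothing visible in this hunk constrains what a request can ask the database to do; how `formattedstring` is executed lies outside the hunk, as do the start and end of the enclosing function. If the executing code does not already enforce it, the collection database should be opened read-only and only a single SELECT accepted (with the SQLite C API, `SQLITE_OPEN_READONLY` and `sqlite3_set_authorizer` are the usual controls). I would record that assumption next to the decode calls, e.g. `// SECURITY: q is request-controlled SQL text; the execution path must be read-only and SELECT-only`.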