Merge pull request #7747 from sbulen/strengthen_edits
Some housekeeping
jdarwood007 authored May 7, 2023
2 parents a738fe5 + 01dc25a commit 19a9de6
Showing 3 changed files with 34 additions and 24 deletions.
37 changes: 20 additions & 17 deletions Sources/Memberlist.php
Expand Up @@ -8,10 +8,10 @@
*
* @package SMF
* @author Simple Machines https://www.simplemachines.org
* @copyright 2022 Simple Machines and individual contributors
* @copyright 2023 Simple Machines and individual contributors
* @license https://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.1.2
* @version 2.1.4
*/

if (!defined('SMF'))
Expand Down Expand Up @@ -422,16 +422,20 @@ function MLSearch()
// They're searching..
if (isset($_REQUEST['search']) && isset($_REQUEST['fields']))
{
$_POST['search'] = trim(isset($_GET['search']) ? $_GET['search'] : $_POST['search']);
$_POST['search'] = trim(isset($_GET['search']) ? html_entity_decode(htmlspecialchars_decode($_GET['search'], ENT_QUOTES), ENT_QUOTES) : $_POST['search']);
$_POST['fields'] = isset($_GET['fields']) ? explode(',', $_GET['fields']) : $_POST['fields'];

$context['old_search'] = $_REQUEST['search'];
$context['old_search_value'] = urlencode($_REQUEST['search']);
$_POST['search'] = $_REQUEST['search'] = $smcFunc['htmlspecialchars']($_POST['search'], ENT_QUOTES);

$context['old_search'] = $_POST['search'];
$context['old_search_value'] = urlencode($_POST['search']);

// No fields? Use default...
if (empty($_POST['fields']))
$_POST['fields'] = array('name');

$_POST['fields'] = array_intersect($_POST['fields'], array_merge(array('name', 'website', 'group', 'email'), array_keys($context['custom_search_fields'])));

// Set defaults for how the results are sorted
if (!isset($_REQUEST['sort']) || !isset($context['columns'][$_REQUEST['sort']]))
$_REQUEST['sort'] = 'real_name';
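Review bot: The new allow-list `array_intersect($_POST['fields'], ...)` assumes `$_POST['fields']` is already an array, but on the POST path it is taken straight from the request, so a scalar `fields` value reaches `array_intersect` and throws a TypeError on PHP 8 (a warning and a null result on PHP 7); normalising first, `$_POST['fields'] = array_intersect((array) $_POST['fields'], array_merge(array('name', 'website', 'group', 'email'), array_keys($context['custom_search_fields'])));`, keeps the filter total. That same intersection is what now makes it acceptable to splice `$field` into the `t' . $field` table alias in the custom-join hunk further down, which deserves a one-line comment there, e.g. `// $field is restricted to the allow-list built above, so it is safe to use as an SQL alias.` The unchanged line at the end of the function that sets `$context['old_search']` from raw `$_GET['search']` is now inconsistent with this branch, which stores the htmlspecialchars'd value; if the template echoes that key, aligning the two branches would avoid one of them handing the raw parameter through. MLSearch begins before this hunk and continues past it.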
Expand All @@ -445,7 +449,7 @@ function MLSearch()
$context['columns'][$col]['href'] .= ';desc';

if (isset($_POST['search']) && isset($_POST['fields']))
$context['columns'][$col]['href'] .= ';search=' . $_POST['search'] . ';fields=' . implode(',', $_POST['fields']);
$context['columns'][$col]['href'] .= ';search=' . urlencode($_POST['search']) . ';fields=' . implode(',', $_POST['fields']);

$context['columns'][$col]['link'] = '<a href="' . $context['columns'][$col]['href'] . '" rel="nofollow">' . $context['columns'][$col]['label'] . '</a>';
$context['columns'][$col]['selected'] = $_REQUEST['sort'] == $col;
Expand All @@ -459,7 +463,7 @@ function MLSearch()
'regular_id_group' => 0,
'is_activated' => 1,
'blank_string' => '',
'search' => '%' . strtr($smcFunc['htmlspecialchars']($_POST['search'], ENT_QUOTES), array('_' => '\\_', '%' => '\\%', '*' => '%')) . '%',
'search' => '%' . strtr($_POST['search'], array('_' => '\\_', '%' => '\\%', '*' => '%')) . '%',
'sort' => $context['columns'][$_REQUEST['sort']]['sort'][$context['sort_direction']],
);

Expand Down Expand Up @@ -504,12 +508,11 @@ function MLSearch()
// Any custom fields to search for - these being tricky?
foreach ($_POST['fields'] as $field)
{
$row['col_name'] = substr($field, 5);
if (substr($field, 0, 5) == 'cust_' && isset($context['custom_search_fields'][$row['col_name']]))
if (substr($field, 0, 5) == 'cust_' && isset($context['custom_search_fields'][$field]))
{
$customJoin[] = 'LEFT JOIN {db_prefix}themes AS t' . $row['col_name'] . ' ON (t' . $row['col_name'] . '.variable = {string:t' . $row['col_name'] . '} AND t' . $row['col_name'] . '.id_theme = 1 AND t' . $row['col_name'] . '.id_member = mem.id_member)';
$query_parameters['t' . $row['col_name']] = $row['col_name'];
$fields += array($customCount++ => 'COALESCE(t' . $row['col_name'] . '.value, {string:blank_string})');
$customJoin[] = 'LEFT JOIN {db_prefix}themes AS t' . $field . ' ON (t' . $field . '.variable = {string:t' . $field . '} AND t' . $field . '.id_theme = 1 AND t' . $field . '.id_member = mem.id_member)';
$query_parameters['t' . $field] = $field;
$fields += array($customCount++ => 'COALESCE(t' . $field . '.value, {string:blank_string})');
$search_fields[] = $field;
}
}
Expand All @@ -523,8 +526,8 @@ function MLSearch()
$request = $smcFunc['db_query']('', '
SELECT COUNT(*)
FROM {db_prefix}members AS mem
LEFT JOIN {db_prefix}membergroups AS mg ON (mg.id_group = CASE WHEN mem.id_group = {int:regular_id_group} THEN mem.id_post_group ELSE mem.id_group END)' .
(empty($customJoin) ? '' : implode('
LEFT JOIN {db_prefix}membergroups AS mg ON (mg.id_group = CASE WHEN mem.id_group = {int:regular_id_group} THEN mem.id_post_group ELSE mem.id_group END)
' . (empty($customJoin) ? '' : implode('
', $customJoin)) . '
WHERE (' . implode(' ' . $query . ' OR ', $fields) . ' ' . $query . ')
AND mem.is_activated = {int:is_activated}',
Expand All @@ -533,10 +536,10 @@ function MLSearch()
list ($numResults) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);

$context['page_index'] = constructPageIndex($scripturl . '?action=mlist;sa=search;search=' . $_POST['search'] . ';fields=' . implode(',', $_POST['fields']), $_REQUEST['start'], $numResults, $modSettings['defaultMaxMembers']);
$context['page_index'] = constructPageIndex($scripturl . '?action=mlist;sa=search;search=' . urlencode($_POST['search']) . ';fields=' . implode(',', $_POST['fields']), $_REQUEST['start'], $numResults, $modSettings['defaultMaxMembers']);

$custom_fields_qry = '';
if (array_search('cust_' . $_REQUEST['sort'], $_POST['fields']) === false && !empty($context['custom_profile_fields']['join'][$_REQUEST['sort']]))
if (array_search($_REQUEST['sort'], $_POST['fields']) === false && !empty($context['custom_profile_fields']['join'][$_REQUEST['sort']]))
$custom_fields_qry = $context['custom_profile_fields']['join'][$_REQUEST['sort']];

// Find the members from the database.
Expand Down Expand Up @@ -582,7 +585,7 @@ function MLSearch()
}

foreach ($context['custom_search_fields'] as $field)
$context['search_fields']['cust_' . $field['colname']] = sprintf($txt['mlist_search_by'], tokenTxtReplace($field['name']));
$context['search_fields'][$field['colname']] = sprintf($txt['mlist_search_by'], tokenTxtReplace($field['name']));

$context['sub_template'] = 'search';
$context['old_search'] = isset($_GET['search']) ? $_GET['search'] : (isset($_POST['search']) ? $smcFunc['htmlspecialchars']($_POST['search']) : '');
19 changes: 13 additions & 6 deletions Sources/PersonalMessage.php
Expand Up @@ -3275,7 +3275,7 @@ function ManageLabels()
$labels_to_remove = array();
$label_updates = array();

// Add all existing labels to the array to save, slashing them as necessary...
// Add all of the current user's existing labels to the array to save, slashing them as necessary...
foreach ($context['labels'] as $label)
{
if ($label['id'] != -1)
Expand Down Expand Up @@ -3311,8 +3311,11 @@ function ManageLabels()
{
foreach ($_POST['delete_label'] AS $label => $dummy)
{
unset($the_labels[$label]);
$labels_to_remove[] = $label;
if (array_key_exists($label, $the_labels))
{
unset($the_labels[$label]);
$labels_to_remove[] = $label;
}
}
}
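Review bot: The `array_key_exists($label, $the_labels)` guard added to the delete loop carries no comment saying why it is there, and the same ownership intent is enforced again by the `AND id_member = {int:current_member}` predicates added to the UPDATE and DELETE hunks below; without a note, a later cleanup could drop one layer as redundant. Suggested comment above the `if`: `// Only labels in $the_labels (the current user's own) may be queued for removal; the DELETE below also filters on id_member as defence in depth.` For the rename path the hunk does not show where `$id` originates, so the `id_member` predicate on the UPDATE may be the only ownership check on that path and deserves its own comment saying so. ManageLabels begins before the first hunk and continues past the last.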
// The hardest one to deal with... changes.
Expand Down Expand Up @@ -3364,10 +3367,12 @@ function ManageLabels()
$smcFunc['db_query']('', '
UPDATE {db_prefix}pm_labels
SET name = {string:name}
WHERE id_label = {int:id_label}',
WHERE id_label = {int:id_label}
AND id_member = {int:current_member}',
array(
'name' => $name,
'id_label' => $id
'id_label' => $id,
'current_member' => $user_info['id'],
)
);
}
Expand All @@ -3379,9 +3384,11 @@ function ManageLabels()
// First delete the labels
$smcFunc['db_query']('', '
DELETE FROM {db_prefix}pm_labels
WHERE id_label IN ({array_int:labels_to_delete})',
WHERE id_label IN ({array_int:labels_to_delete})
AND id_member = {int:current_member}',
array(
'labels_to_delete' => $labels_to_remove,
'current_member' => $user_info['id'],
)
);

2 changes: 1 addition & 1 deletion Sources/Subs-Auth.php
Expand Up @@ -394,7 +394,7 @@ function findMembers($names, $use_wildcards = false, $buddies_only = false, $max

$maybe_email = false;
$names_list = array();
foreach ($names as $i => $name)
foreach (array_values($names) as $i => $name)
{
// Trim, and fix wildcards for each name.
$names[$i] = trim($smcFunc['strtolower']($name));
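Review bot: Iterating `array_values($names)` makes `$i` a 0-based position, but the loop body still writes back into the original `$names[$i]`, so for an input with non-sequential or string keys the untrimmed entries survive under their old keys alongside the new ones, and any later read of `$names` sees both. Reindexing the array itself instead, `$names = array_values($names);` followed by `foreach ($names as $i => $name)`, gives the same sequential `$i` while keeping `$names` and the write-back consistent. Whether later code reads `$names` rather than `$names_list` is not visible here; findMembers continues past the hunk.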
