Timestamp:
10/04/13 16:47:32 (11 years ago)
Author:
Kris Deugau
Message:

/branches/stable

File off the last few rough edges (make sure webpath is used everywhere appropriate)

Update copyright dates
Bump the version for release

File:
1 edited

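--- a/branches/stable/cgi-bin/search.cgi
+++ b/branches/stable/cgi-bin/search.cgi
@@ -9,5 +9,5 @@
 # Last update by $Author$
 ###
-# Copyright 2005-2011 - Kris Deugau
+# Copyright (C) 2005-2013 Kris Deugau <kdeugau@deepnet.cx>
 
 use strict;
@@ -76,12 +76,16 @@
 if (!defined($webvar{stype})) {
   $webvar{stype} = "<NULL>";   #shuts up the warnings.
-  $page = HTML::Template->new(filename => "search/compsearch.tmpl");
+  $page = HTML::Template->new(filename => "search/compsearch.tmpl",
+        global_vars => 1);
 } else {
-  $page = HTML::Template->new(filename => "search/sresults.tmpl");
+  $page = HTML::Template->new(filename => "search/sresults.tmpl",
+        global_vars => 1);
 }
+$page->param(webpath => $IPDB::webpath);
 
 my $header = HTML::Template->new(filename => "header.tmpl");
 $header->param(version => $IPDB::VERSION);
 $header->param(addperm => $IPDBacl{$authuser} =~ /a/);
+$header->param(webpath => $IPDB::webpath);
 print "Content-type: text/html\n\n", $header->output;
 
@@ -355,22 +359,14 @@
     queryResults($sql, $webvar{page}, $count);
 
-  } elsif ($category eq 'cust') {
+  } elsif ($category eq 'cust' || $category eq 'desc') {
 
 ##fixme:  this and other quick-search areas;  fix up page heading title similar to first grouping above
-    print qq(<div class="heading">Searching for Customer IDs containing '$query'</div><br>\n);
-
+    print qq(<div class="heading">Searching for Customer IDs or Descriptions containing '$query'</div><br>\n);
+
+# head off the worst of SQL injection.  search really needs a big rewrite...
+$query =~ s/'/''/g;
     # Query for a customer ID.  Note that we can't restrict to "numeric-only"
     # as we have non-numeric custIDs in the legacy data.  :/
-    $sql = "select $cols from searchme where custid ilike '%$query%' or description like '%$query%'";
-    my $count = countRows($sql);
-    $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
-    queryResults($sql, $webvar{page}, $count);
-
-  } elsif ($category eq 'desc') {
-
-    print qq(<div class="heading">Searching for descriptions containing '$query'</div><br>\n);
-    # Query based on description (includes "name" from old DB).
-    $sql = "select $cols from searchme where description ilike '%$query%'".
-        " or custid ilike '%$query%'";
+    $sql = "select $cols from searchme where custid ilike '%$query%' or description ilike '%$query%'";
     my $count = countRows($sql);
     $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";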
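Review bot: The added `$query =~ s/'/''/g;` in the cust/desc hunk only doubles single quotes, which is not a complete quoting of a value spliced into a LIKE pattern — backslash sequences (depending on the server's string-literal settings) and the `%`/`_` wildcards pass through untouched, and the same raw `$query` is still interpolated into the `<div class="heading">` line above without HTML escaping. Quoting belongs to the database driver: build the pattern with `my $pat = $dbh->quote("%$query%");` (or bind it via a `?` placeholder, which would mean changing countRows/queryResults, both defined outside this hunk) and write `... where custid ilike $pat or description ilike $pat`, and escape `$query` for the heading (e.g. HTML::Entities' encode_entities, assuming the file can import it). The sibling quick-search branches at the top of the hunk and after line 372 are outside the view, so whether they received the same treatment cannot be confirmed from here; a comment such as `# FIXME: quote-doubling is a stopgap; use $dbh->quote or bind parameters` on the added line would at least record the intent.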