streams/mod/search.php

<?php

function search_init(&$a) {
	if(x($_REQUEST,'search'))
		$a->data['search'] = $_REQUEST['search'];
}


function search_content(&$a,$update = 0, $load = false) {

	if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
		notice( t('Public access denied.') . EOL);
		return;
	}

	nav_set_selected('search');

	require_once("include/bbcode.php");
	require_once('include/security.php');
	require_once('include/conversation.php');
	require_once('include/items.php');


	$observer = $a->get_observer();

	$o = '<div id="live-search"></div>' . "\r\n";

	$o .= '<h3>' . t('Search') . '</h3>';

	if(x($a->data,'search'))
		$search = trim($a->data['search']);
	else
		$search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : '');

	$tag = false;
	if(x($_GET,'tag')) {
		$tag = true;
		$search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : '');
	}

	$o .= search($search,'search-box','/search',((local_user()) ? true : false));

	if(strpos($search,'#') === 0) {
		$tag = true;
		$search = substr($search,1);
	}
	if(strpos($search,'@') === 0) {
		$search = substr($search,1);
		goaway(z_root() . '/directory' . '?f=1&search=' . $search);
	}

	// look for a naked webbie
	if(strpos($search,'@') !== false) {
		goaway(z_root() . '/directory' . '?f=1&search=' . $search);
	}

	if(! $search)
		return $o;

	if($tag) {
		$sql_extra = sprintf(" AND `item`.`id` IN (select `oid` from term where otype = %d and type = %d and term = '%s') ",
			intval(TERM_OBJ_POST),
			intval(TERM_HASHTAG),
			dbesc(protect_sprintf($search))
		);
	}
	else {
		$sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search))));
	}

	// Here is the way permissions work in the search module...
	// Only public posts can be shown
	// OR your own posts if you are a logged in member
	// No items will be shown if the member has a blocked profile wall. 

	if((! $update) && (! $load)) {

		// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
		// because browser prefetching might change it on us. We have to deliver it with the page.

		$o .= '<div id="live-search"></div>' . "\r\n";
		$o .= "<script> var profile_uid = " . ((intval(local_user())) ? local_user() : (-1))
			. "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";

		$a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
			'$baseurl' => z_root(),
			'$pgtype' => 'search',
			'$uid' => (($a->profile['profile_uid']) ? $a->profile['profile_uid'] : '0'),
			'$gid' => '0',
			'$cid' => '0',
			'$cmin' => '0',
			'$cmax' => '0',
			'$star' => '0',
			'$liked' => '0',
			'$conv' => '0',
			'$spam' => '0',
			'$nouveau' => '0',
			'$wall' => '0',
			'$page' => (($a->pager['page'] != 1) ? $a->pager['page'] : 1),
			'$search' => (($tag) ? urlencode('#') : '') . $search,
			'$order' => '',
			'$file' => '',
			'$cats' => '',
			'$mid' => '',
			'$dend' => '',
			'$dbegin' => ''
		));


	}

	$pub_sql = public_permissions_sql(get_observer_hash());

	if(($update) && ($load)) {
		$itemspage = get_pconfig(local_user(),'system','itemspage');
		$a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
		$pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage']));

		if($load) {
			$r = null;

			if(local_user()) {
				$r = q("SELECT distinct mid, item.id as item_id, item.* from item
					WHERE item_restrict = 0
					AND (( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = '' AND item_private = 0 ) 
					OR ( `item`.`uid` = %d ))
					$sql_extra
					group by mid ORDER BY created DESC $pager_sql ",
					intval(local_user()),
					intval(ABOOK_FLAG_BLOCKED)

				);
			}
			if($r === null) {
               $r = q("SELECT distinct mid, item.id as item_id, item.* from item
                    WHERE item_restrict = 0
                    AND ((( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = ''
                    AND `item`.`deny_gid`  = '' AND item_private = 0 )
                    and owner_xchan in ( " . stream_perms_xchans(($observer) ? PERMS_NETWORK : PERMS_PUBLIC) . " ))
					$pub_sql )
                    $sql_extra 
                    group by mid ORDER BY created DESC $pager_sql"
                );
			}
		}
		else {
			$r = array();
		}
	}

	if($r) {
		xchan_query($r);
		$items = fetch_post_tags($r,true);
	} else {
		$items = array();
	}

	if($tag) 
		$o .= '<h2>Items tagged with: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '</h2>';
	else
		$o .= '<h2>Search results for: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '</h2>';

	$o .= conversation($a,$items,'search',$update,'client');

	return $o;
}
added search 2010-11-09 01:30:00 +00:00			`<?php`

saved searches on search page, templates: Invalid argument supplied for foreach() on line 167 2011-09-09 04:42:52 +00:00			`function search_init(&$a) {`
comanchify mod_search - we've got three modules left to Comanchify: admin, directory and message - each of which introduces "interesting challenges" 2013-12-20 09:39:42 +00:00			`if(x($_REQUEST,'search'))`
			`$a->data['search'] = $_REQUEST['search'];`
make both content and people search POSTable 2010-12-13 02:43:32 +00:00			`}`


get search page working with live-update and endless scroll, still not perfect - there may be duplicated content and possibly unauthorised content and 'timeago' not working correctly - will deal with those later, but at least you can see results. 2013-05-10 01:08:00 +00:00			`function search_content(&$a,$update = 0, $load = false) {`
added search 2010-11-09 01:30:00 +00:00
"firewall" setting - block all public pages from the public if configured to do so 2011-04-22 00:29:47 +00:00			`if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {`
			`notice( t('Public access denied.') . EOL);`
			`return;`
			`}`
Saved searches now can search for tags as well 2012-05-26 09:51:48 +00:00
remove javascript to set selectect nav item. enanche img template prefetch ignoring 2011-08-17 16:36:24 +00:00			`nav_set_selected('search');`
"firewall" setting - block all public pages from the public if configured to do so 2011-04-22 00:29:47 +00:00
move all message display sub-functions from boot.php into conversation.php 2011-04-13 00:58:16 +00:00			`require_once("include/bbcode.php");`
			`require_once('include/security.php');`
			`require_once('include/conversation.php');`
updates 2012-09-10 04:17:06 +00:00			`require_once('include/items.php');`
move all message display sub-functions from boot.php into conversation.php 2011-04-13 00:58:16 +00:00
verify table needs auto_increment flag 2013-01-03 07:07:46 +00:00
			`$observer = $a->get_observer();`

added search 2010-11-09 01:30:00 +00:00			`$o = '<div id="live-search"></div>' . "\r\n";`

search with leading @ performs directory search (# for tag search), nothing for text search 2012-05-20 04:53:27 +00:00			`$o .= '<h3>' . t('Search') . '</h3>';`
added search 2010-11-09 01:30:00 +00:00
make both content and people search POSTable 2010-12-13 02:43:32 +00:00			`if(x($a->data,'search'))`
move saved searches to new taxonomy 2012-07-12 00:54:00 +00:00			`$search = trim($a->data['search']);`
make both content and people search POSTable 2010-12-13 02:43:32 +00:00			`else`
move saved searches to new taxonomy 2012-07-12 00:54:00 +00:00			`$search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : '');`
added search 2010-11-09 01:30:00 +00:00
separate tag search from body search 2012-04-24 05:41:32 +00:00			`$tag = false;`
			`if(x($_GET,'tag')) {`
			`$tag = true;`
move saved searches to new taxonomy 2012-07-12 00:54:00 +00:00			`$search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : '');`
separate tag search from body search 2012-04-24 05:41:32 +00:00			`}`

saved searches on search page, templates: Invalid argument supplied for foreach() on line 167 2011-09-09 04:42:52 +00:00			`$o .= search($search,'search-box','/search',((local_user()) ? true : false));`
added search 2010-11-09 01:30:00 +00:00
backend support for 'x' deliveries per process - x is configurable, more importantly any search starting with # is automatically a tag search. TODO: Need to extend this to people searches starting with @ 2012-05-19 09:42:11 +00:00			`if(strpos($search,'#') === 0) {`
			`$tag = true;`
			`$search = substr($search,1);`
			`}`
search with leading @ performs directory search (# for tag search), nothing for text search 2012-05-20 04:53:27 +00:00			`if(strpos($search,'@') === 0) {`
link people search from navbar 2013-01-19 03:15:08 +00:00			`$search = substr($search,1);`
typo 2013-01-19 03:16:27 +00:00			`goaway(z_root() . '/directory' . '?f=1&search=' . $search);`
search with leading @ performs directory search (# for tag search), nothing for text search 2012-05-20 04:53:27 +00:00			`}`
backend support for 'x' deliveries per process - x is configurable, more importantly any search starting with # is automatically a tag search. TODO: Need to extend this to people searches starting with @ 2012-05-19 09:42:11 +00:00
security fixes related to directory access and sites that are off the grid 2013-01-22 10:56:32 +00:00			`// look for a naked webbie`
			`if(strpos($search,'@') !== false) {`
			`goaway(z_root() . '/directory' . '?f=1&search=' . $search);`
			`}`

added search 2010-11-09 01:30:00 +00:00			`if(! $search)`
			`return $o;`

create fetch_tags function, make search work again, change logo 2012-07-11 02:28:02 +00:00			`if($tag) {`
			$sql_extra = sprintf(" AND `item`.`id` IN (select `oid` from term where otype = %d and type = %d and term = '%s') ",
			`intval(TERM_OBJ_POST),`
			`intval(TERM_HASHTAG),`
			`dbesc(protect_sprintf($search))`
			`);`
			`}`
			`else {`
comanchify mod_search - we've got three modules left to Comanchify: admin, directory and message - each of which introduces "interesting challenges" 2013-12-20 09:39:42 +00:00			$sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search))));
Speed optimisation by enabling the posibility of the MySQL fulltext engine 2012-05-26 01:21:07 +00:00			`}`
separate tag search from body search 2012-04-24 05:41:32 +00:00
improved search - ensure you can see all your own content (logged in members). Visitors can only see public wall posts. 2011-07-03 12:00:11 +00:00			`// Here is the way permissions work in the search module...`
slightly relax overly strict permissions in community and search to match those in display - tl;dr public conversations are publicly visible 2012-03-20 21:55:18 +00:00			`// Only public posts can be shown`
improved search - ensure you can see all your own content (logged in members). Visitors can only see public wall posts. 2011-07-03 12:00:11 +00:00			`// OR your own posts if you are a logged in member`
slightly relax overly strict permissions in community and search to match those in display - tl;dr public conversations are publicly visible 2012-03-20 21:55:18 +00:00			`// No items will be shown if the member has a blocked profile wall.`
added search 2010-11-09 01:30:00 +00:00
verify table needs auto_increment flag 2013-01-03 07:07:46 +00:00			`if((! $update) && (! $load)) {`

			`// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,`
			`// because browser prefetching might change it on us. We have to deliver it with the page.`

mod_display - no fun. Not working at all. But a bit of progress. 2013-02-10 12:55:29 +00:00			`$o .= '<div id="live-search"></div>' . "\r\n";`
fix mod-display when not logged in. 2013-06-18 09:06:16 +00:00			`$o .= "<script> var profile_uid = " . ((intval(local_user())) ? local_user() : (-1))`
verify table needs auto_increment flag 2013-01-03 07:07:46 +00:00			`. "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";`

			`$a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(`
			`'$baseurl' => z_root(),`
			`'$pgtype' => 'search',`
			`'$uid' => (($a->profile['profile_uid']) ? $a->profile['profile_uid'] : '0'),`
			`'$gid' => '0',`
			`'$cid' => '0',`
			`'$cmin' => '0',`
			`'$cmax' => '0',`
			`'$star' => '0',`
			`'$liked' => '0',`
			`'$conv' => '0',`
			`'$spam' => '0',`
			`'$nouveau' => '0',`
			`'$wall' => '0',`
			`'$page' => (($a->pager['page'] != 1) ? $a->pager['page'] : 1),`
make tag searches work at least as well as the normal search - which still is quite broken, but at least return some results without introducing too many security holes 2013-06-21 00:09:11 +00:00			`'$search' => (($tag) ? urlencode('#') : '') . $search,`
verify table needs auto_increment flag 2013-01-03 07:07:46 +00:00			`'$order' => '',`
			`'$file' => '',`
			`'$cats' => '',`
Updated build_query for mid 2013-03-25 19:20:12 +00:00			`'$mid' => '',`
verify table needs auto_increment flag 2013-01-03 07:07:46 +00:00			`'$dend' => '',`
			`'$dbegin' => ''`
			`));`


			`}`

fixes for display and search privacy enforcement 2013-09-23 05:52:48 +00:00			`$pub_sql = public_permissions_sql(get_observer_hash());`
verify table needs auto_increment flag 2013-01-03 07:07:46 +00:00
			`if(($update) && ($load)) {`
search should respect max items to load as well 2013-11-22 13:17:47 +00:00			`$itemspage = get_pconfig(local_user(),'system','itemspage');`
			`$a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));`
verify table needs auto_increment flag 2013-01-03 07:07:46 +00:00			`$pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage']));`
fixes for display and search privacy enforcement 2013-09-23 05:52:48 +00:00
verify table needs auto_increment flag 2013-01-03 07:07:46 +00:00			`if($load) {`
fixes for display and search privacy enforcement 2013-09-23 05:52:48 +00:00			`$r = null;`

			`if(local_user()) {`
fix search to display more than one item 2013-10-11 04:31:40 +00:00			`$r = q("SELECT distinct mid, item.id as item_id, item.* from item`
fixes for display and search privacy enforcement 2013-09-23 05:52:48 +00:00			`WHERE item_restrict = 0`
			AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 )
			OR ( `item`.`uid` = %d ))
			`$sql_extra`
			`group by mid ORDER BY created DESC $pager_sql ",`
			`intval(local_user()),`
			`intval(ABOOK_FLAG_BLOCKED)`
verify table needs auto_increment flag 2013-01-03 07:07:46 +00:00
fixes for display and search privacy enforcement 2013-09-23 05:52:48 +00:00			`);`
			`}`
			`if($r === null) {`
fix search to display more than one item 2013-10-11 04:31:40 +00:00			`$r = q("SELECT distinct mid, item.id as item_id, item.* from item`
fixes for display and search privacy enforcement 2013-09-23 05:52:48 +00:00			`WHERE item_restrict = 0`
			AND ((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = ''
			AND `item`.`deny_gid` = '' AND item_private = 0 )
one more edge case in the public perms - don't match perms = 0 which is private, this and prior checkin are for issue #114 2013-09-23 05:58:59 +00:00			`and owner_xchan in ( " . stream_perms_xchans(($observer) ? PERMS_NETWORK : PERMS_PUBLIC) . " ))`
fixes for display and search privacy enforcement 2013-09-23 05:52:48 +00:00			`$pub_sql )`
			`$sql_extra`
			`group by mid ORDER BY created DESC $pager_sql"`
			`);`
			`}`
verify table needs auto_increment flag 2013-01-03 07:07:46 +00:00			`}`
			`else {`
			`$r = array();`
			`}`
			`}`

			`if($r) {`
fixes for display and search privacy enforcement 2013-09-23 05:52:48 +00:00			`xchan_query($r);`
			`$items = fetch_post_tags($r,true);`
verify table needs auto_increment flag 2013-01-03 07:07:46 +00:00			`} else {`
			`$items = array();`
added search 2010-11-09 01:30:00 +00:00			`}`

separate tag search from body search 2012-04-24 05:41:32 +00:00			`if($tag)`
check that every invocation of htmlspecialchars has the right arg list 2013-12-12 10:01:42 +00:00			`$o .= '<h2>Items tagged with: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '</h2>';`
separate tag search from body search 2012-04-24 05:41:32 +00:00			`else`
check that every invocation of htmlspecialchars has the right arg list 2013-12-12 10:01:42 +00:00			`$o .= '<h2>Search results for: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '</h2>';`
all conversations unified except photos 2011-04-11 08:31:04 +00:00
get search page working with live-update and endless scroll, still not perfect - there may be duplicated content and possibly unauthorised content and 'timeago' not working correctly - will deal with those later, but at least you can see results. 2013-05-10 01:08:00 +00:00			`$o .= conversation($a,$items,'search',$update,'client');`
no pagination on search page 2010-11-25 02:37:10 +00:00
added search 2010-11-09 01:30:00 +00:00			`return $o;`
			`}`