filter_var is important, mmmkay?

This commit is contained in:
Peter Molnar 2020-01-06 13:57:29 +00:00
parent 71a54c6317
commit c55a4e756d


@ -33,9 +33,8 @@ elseif(isset($_GET['search'])) {
else { else {
$q = ''; $q = '';
} }
$q = filter_var($q, FILTER_SANITIZE_STRING);
$db = new SQLite3('./search.sqlite', SQLITE3_OPEN_READONLY); $db = new SQLite3('./search.sqlite', SQLITE3_OPEN_READONLY);
$q = str_replace('-', '+', $q);
$sql = $db->prepare(" $sql = $db->prepare("
SELECT SELECT
url, category, title, snippet(data, '', '', '[...]', 5, 24), mtime url, category, title, snippet(data, '', '', '[...]', 5, 24), mtime
@ -46,7 +45,7 @@ $sql = $db->prepare("
ORDER BY ORDER BY
category, mtime category, mtime
"); ");
$sql->bindValue(':q', $q); $sql->bindValue(':q', str_replace('-', '+', $q));
$query = $sql->execute(); $query = $sql->execute();
$results = array(); $results = array();
if($query) { if($query) {
@ -118,11 +117,11 @@ if (isset($_GET['json'])) {
{% extends "base.j2.html" %} {% extends "base.j2.html" %}
{% block lang %}{% endblock %} {% block lang %}{% endblock %}
{% block title %}Search results for: <?php echo($_GET['q']); ?>{% endblock %} {% block title %}Search results for: <?php echo($q); ?>{% endblock %}
{% block content %} {% block content %}
<main id="main" class="h-feed hatom"> <main id="main" class="h-feed hatom">
<h1>Search results for: <?php echo($_GET['q']); ?></h1> <h1>Search results for: <?php echo($q); ?></h1>
<dl> <dl>
<?php <?php
foreach($results as $row) { foreach($results as $row) {
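Review bot: The added `$q = filter_var($q, FILTER_SANITIZE_STRING);` in the first hunk is a blunt sanitizer, deprecated since PHP 8.1, rather than a context-correct HTML escape: it strips tags and encodes quotes, so a legitimate search containing `"`, `'` or `<` reaches the bound `:q` parameter already altered, while `&` passes through unencoded to the title and `<h1>` echo sites in the last hunk. Because `bindValue(':q', str_replace('-', '+', $q))` already parameterises the SQL, `$q` can stay raw for the query and be escaped at the point of output instead, replacing both new-side echoes with `<?php echo htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>`. That keeps the fix at the layer where the context is known and avoids relying on a deprecated filter whose behaviour is not defined in terms of HTML escaping. The `if`/`elseif` chain that assigns `$q` begins above the first hunk, so whether every branch is covered before the filter line cannot be confirmed from here.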