--- loncom/interface/lonsearchcat.pm 2001/03/21 03:06:50 1.56 +++ loncom/interface/lonsearchcat.pm 2001/03/22 13:10:06 1.64 @@ -107,7 +107,7 @@ END { my $fh=Apache::File->new($r->dir_config('lonTabDir').'/language.tab'); map { - $_=~/(\w+)\s+([\w\s\-]+)/; + $_=~/(\w+)\s+([\w\s\-]+)/; chomp; $language{$1}=$2; } <$fh>; } @@ -117,7 +117,7 @@ END { my $fh=Apache::File->new($r->dir_config('lonIncludes').'/copyright.tab'); map { - $_=~/(\w+)\s+([\w\s\-]+)/; + $_=~/(\w+)\s+([\w\s\-]+)/; chomp; $cprtag{$1}=$2; } <$fh>; } @@ -127,7 +127,7 @@ END { my $fh=Apache::File->new($r->dir_config('lonTabDir').'/filetypes.tab'); map { - $_=~/(\w+)\s+(\w+)\s+([\w\s\-]+)/; + $_=~/(\w+)\s+(\w+)\s+([\w\s\-]+)/; chomp; $mimetag{$1}=".$1 $3"; } <$fh>; } @@ -477,6 +477,18 @@ sub advancedsearch { my %ENV=%{$envhash}; my $fillflag=0; + # Clean up fields for safety + for my $field ('title','author','subject','keywords','url','version', + 'creationdatestart_month','creationdatestart_day', + 'creationdatestart_year','creationdateend_month', + 'creationdateend_day','creationdateend_year', + 'lastrevisiondatestart_month','lastrevisiondatestart_day', + 'lastrevisiondatestart_year','lastrevisiondateend_month', + 'lastrevisiondateend_day','lastrevisiondateend_year', + 'notes','abstract','mime','language','owner', + 'custommetadata') { + $ENV{"form.$field"}=~s/[^\w\s\(\)\-\"\']//g; + } for my $field ('title','author','subject','keywords','url','version', 'notes','abstract','mime','language','owner', 'custommetadata') { @@ -494,16 +506,53 @@ sub advancedsearch { my @queries; # Go through logical expression AND/OR/NOT phrase fields. - foreach my $field ('title','author','subject','notes','abstract') { + + foreach my $field ('title','author','subject','notes','abstract','url', + 'keywords','version','owner') { if ($ENV{'form.'.$field}) { push @queries,&build_SQL_query($field,$ENV{'form.'.$field}); } } + if ($ENV{'form.language'} and $ENV{'form.language'} ne 'any') { + push @queries,"(language like \"\%$ENV{'form.language'}\%\")"; + } + if ($ENV{'form.mime'} and $ENV{'form.mime'} ne 'any') { + push @queries,"(mime like \"\%$ENV{'form.mime'}\%\")"; + } + if ($ENV{'form.copyright'} and $ENV{'form.copyright'} ne 'any') { + push @queries,"(copyright like \"\%$ENV{'form.copyright'}\%\")"; + } + my $datequery=&build_date_queries( + $ENV{'form.creationdatestart_month'}, + $ENV{'form.creationdatestart_day'}, + $ENV{'form.creationdatestart_year'}, + $ENV{'form.creationdateend_month'}, + $ENV{'form.creationdateend_day'}, + $ENV{'form.creationdateend_year'}, + $ENV{'form.lastrevisiondatestart_month'}, + $ENV{'form.lastrevisiondatestart_day'}, + $ENV{'form.lastrevisiondatestart_year'}, + $ENV{'form.lastrevisiondateend_month'}, + $ENV{'form.lastrevisiondateend_day'}, + $ENV{'form.lastrevisiondateend_year'}, + ); + if ($datequery=~/^Incorrect/) { + &output_date_error($r,$datequery); + return OK; + } + elsif ($datequery) { + push @queries,$datequery; + } + my $customquery; + if ($ENV{'form.custommetadata'}) { + $customquery=&build_custommetadata_query('custommetadata', + $ENV{'form.custommetadata'}); + } if (@queries) { - $query=join(" and ",@queries); + $query=join(" AND ",@queries); $query="select * from metadata where $query"; my $reply=&Apache::lonnet::metadata_query($query); - &output_results('Advanced',$r,$envhash,$query,$reply); + &output_results('Advanced',$r,$envhash,$customquery,$reply); } else { &output_results('Advanced',$r,$envhash,$query); @@ -527,6 +576,11 @@ sub basicsearch { my ($r,$envhash)=@_; my %ENV=%{$envhash}; + # Clean up fields for safety + for my $field ('basicexp') { + $ENV{"form.$field"}=~s/[^\w\s\(\)\-]//g; + } + unless (&filled($ENV{'form.basicexp'})) { &output_blank_field_error($r); return OK; @@ -749,6 +803,17 @@ sub build_SQL_query { return $sql_query; } +# ------------------------------------------------- build custom metadata query +sub build_custommetadata_query { + my ($field_name,$logic_statement)=@_; + my $q=new Text::Query('abc', + -parse => 'Text::Query::ParseAdvanced', + -build => 'Text::Query::BuildAdvancedString'); + $q->prepare($logic_statement); + my $matchexp=${$q}{'-parse'}{'-build'}{'matchstring'}; + return $matchexp; +} + # - Recursively parse a reverse notation expression into a SQL query expression sub recursive_SQL_query_build { my ($dkey,$pattern)=@_; @@ -784,7 +849,6 @@ sub detailed_citation_view { $notes,$shortabstract,$mime,$lang, $creationdate,$lastrevisiondate,$owner,$copyright, $hostname,$httphost)=@_; - return 'abc'; my $result=<$owner, last revised $lastrevisiondate

$title

@@ -855,7 +919,7 @@ sub xml_sgml_view { my $result=< <LonCapaResource> -<url>http://$httphost$url</url> +<url>$url</url> <title>$title</title> <author>$author</author> <subject>$subject</subject> @@ -878,10 +942,102 @@ sub xml_sgml_view { </copyrightInfo> <repositoryLocation>$hostname</repositoryLocation> <shortabstract>$shortabstract</shortabstract> +</LonCapaResource> END return $result; } +sub build_date_queries { + my ($cmonth1,$cday1,$cyear1,$cmonth2,$cday2,$cyear2, + $lmonth1,$lday1,$lyear1,$lmonth2,$lday2,$lyear2)=@_; + my @queries; + if ($cmonth1 or $cday1 or $cyear1 or $cmonth2 or $cday2 or $cyear2) { + unless ($cmonth1 and $cday1 and $cyear1 and + $cmonth2 and $cday2 and $cyear2) { + return "Incorrect entry for the creation date. You must specify ". + "a starting month, day, and year and an ending month, ". + "day, and year."; + } + my $cnumeric1=sprintf("%d%2d%2d",$cyear1,$cmonth1,$cday1); + $cnumeric1+=0; + my $cnumeric2=sprintf("%d%2d%2d",$cyear2,$cmonth2,$cday2); + $cnumeric2+=0; + if ($cnumeric1>$cnumeric2) { + return "Incorrect entry for the creation date. The starting ". + "date must occur before the ending date."; + } + my $cquery="(creationdate BETWEEN '$cyear1-$cmonth1-$cday1' AND '". + "$cyear2-$cmonth2-$cday2 23:59:59')"; + push @queries,$cquery; + } + if ($lmonth1 or $lday1 or $lyear1 or $lmonth2 or $lday2 or $lyear2) { + unless ($lmonth1 and $lday1 and $lyear1 and + $lmonth2 and $lday2 and $lyear2) { + return "Incorrect entry for the last revision date. You must ". + "specify a starting month, day, and year and an ending ". + "month, day, and year."; + } + my $lnumeric1=sprintf("%d%2d%2d",$lyear1,$lmonth1,$lday1); + $lnumeric1+=0; + my $lnumeric2=sprintf("%d%2d%2d",$lyear2,$lmonth2,$lday2); + $lnumeric2+=0; + if ($lnumeric1>$lnumeric2) { + return "Incorrect entry for the last revision date. The ". + "starting date must occur before the ending date."; + } + my $lquery="(lastrevisiondate BETWEEN '$lyear1-$lmonth1-$lday1' AND '". + "$lyear2-$lmonth2-$lday2 23:59:59')"; + push @queries,$lquery; + } + if (@queries) { + return join(" AND ",@queries); + } + return ''; +} + +sub output_date_error { + my ($r,$message)=@_; + # make query information persistent to allow for subsequent revision + my $persistent=''; + map { + if (/^form\./ && !/submit/) { + my $name=$_; + my $key=$name; + $name=~s/^form\.//; + $persistent.=< +END + } + } (keys %ENV); + + $r->print(< + +The LearningOnline Network with CAPA +BEGINNING + $r->print(< + + +

Search Catalog

+
+$persistent + +$closebutton +
+

Helpful Message

+

+$message +

+ + +RESULTS +} + +sub make_persistent { + $ENV{"form.$field"}=~s/\"/\\\"/g; +} 1; __END__ 500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.