--- loncom/interface/lonsearchcat.pm	2008/08/27 19:50:46	1.299
+++ loncom/interface/lonsearchcat.pm	2008/10/16 22:58:15	1.300
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Search Catalog
 #
-# $Id: lonsearchcat.pm,v 1.299 2008/08/27 19:50:46 raeburn Exp $
+# $Id: lonsearchcat.pm,v 1.300 2008/10/16 22:58:15 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1394,7 +1394,7 @@ sub parse_advanced_search {
 		   'lastrevisiondatestart_month','lastrevisiondatestart_day',
 		   'lastrevisiondatestart_year','lastrevisiondateend_month',
 		   'lastrevisiondateend_day','lastrevisiondateend_year') {
-	$env{'form.'.$field}=~s/[^\w\/\s\(\)\=\-\"\'.]//g;
+	$env{'form.'.$field}=~s/[^\w\/\s\(\)\=\-\"\'.\*]//g;
     }
     foreach ('mode','form','element') {
 	# is this required?  Hmmm.
@@ -1639,7 +1639,7 @@ sub parse_advanced_search {
     #
     if (@queries) {
         if ($env{'form.area'} eq 'portfolio') {
-            $query ="SELECT pm.*,pa.keynum,pa.scope FROM portfolio_metadata pm, portfolio_access pa, portfolio_addedfields pf WHERE (pm.url = pa.url AND pf.url = pm.url AND (pa.start < NOW() AND (pa.end IS NULL OR pa.end > NOW())) AND (".join(') AND (',@queries).'))';
+            $query ="SELECT pm.*,pa.keynum,pa.scope FROM portfolio_metadata pm, portfolio_access pa, portfolio_addedfields pf WHERE (pm.url = pa.url AND pf.url = pm.url AND (pa.start < UTC_TIMESTAMP() AND (pa.end IS NULL OR pa.end > UTC_TIMESTAMP())) AND (".join(') AND (',@queries).'))';
         } else {
 	    $query="SELECT * FROM metadata WHERE (".join(") AND (",@queries).')';
         }
@@ -1702,7 +1702,7 @@ sub parse_basic_search {
     #
     # Clean up fields for safety
     for my $field ('basicexp') {
-	$env{"form.$field"}=~s/[^\w\s\'\"\!\(\)\-]//g;
+	$env{"form.$field"}=~s/[^\w\s\'\"\!\(\)\-\*]//g;
     }
     foreach ('mode','form','element') {
 	# is this required?  Hmmm.
@@ -1741,7 +1741,7 @@ sub parse_basic_search {
     #}
     my $final_query;
     if ($env{'form.area'} eq 'portfolio') {
-        $final_query = 'SELECT pm.*,pa.keynum,pa.scope FROM portfolio_metadata pm, portfolio_access pa  WHERE (pm.url = pa.url AND (pa.start < NOW() AND (pa.end IS NULL OR pa.end > NOW())) AND '.join(" AND ",@Queries).')';
+        $final_query = 'SELECT pm.*,pa.keynum,pa.scope FROM portfolio_metadata pm, portfolio_access pa  WHERE (pm.url = pa.url AND (pa.start < UTC_TIMESTAMP() AND (pa.end IS NULL OR pa.end > UTC_TIMESTAMP())) AND '.join(" AND ",@Queries).')';
     } else {
         $final_query = 'SELECT * FROM metadata WHERE '.join(" AND ",@Queries);
     }