--- loncom/interface/lonsearchcat.pm 2001/03/21 12:58:30 1.63 +++ loncom/interface/lonsearchcat.pm 2001/03/22 13:26:59 1.66 @@ -477,6 +477,18 @@ sub advancedsearch { my %ENV=%{$envhash}; my $fillflag=0; + # Clean up fields for safety + for my $field ('title','author','subject','keywords','url','version', + 'creationdatestart_month','creationdatestart_day', + 'creationdatestart_year','creationdateend_month', + 'creationdateend_day','creationdateend_year', + 'lastrevisiondatestart_month','lastrevisiondatestart_day', + 'lastrevisiondatestart_year','lastrevisiondateend_month', + 'lastrevisiondateend_day','lastrevisiondateend_year', + 'notes','abstract','mime','language','owner', + 'custommetadata') { + $ENV{"form.$field"}=~s/[^\w\s\(\)\-\"\']//g; + } for my $field ('title','author','subject','keywords','url','version', 'notes','abstract','mime','language','owner', 'custommetadata') { @@ -531,11 +543,16 @@ sub advancedsearch { elsif ($datequery) { push @queries,$datequery; } + my $customquery; + if ($ENV{'form.custommetadata'}) { + $customquery=&build_custommetadata_query('custommetadata', + $ENV{'form.custommetadata'}); + } if (@queries) { $query=join(" AND ",@queries); $query="select * from metadata where $query"; my $reply=&Apache::lonnet::metadata_query($query); - &output_results('Advanced',$r,$envhash,$query,$reply); + &output_results('Advanced',$r,$envhash,$customquery,$reply); } else { &output_results('Advanced',$r,$envhash,$query); @@ -559,6 +576,11 @@ sub basicsearch { my ($r,$envhash)=@_; my %ENV=%{$envhash}; + # Clean up fields for safety + for my $field ('basicexp') { + $ENV{"form.$field"}=~s/[^\w\s\(\)\-]//g; + } + unless (&filled($ENV{'form.basicexp'})) { &output_blank_field_error($r); return OK; 
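Review bot: The cleanup loop at the top of advancedsearch rewrites only the lexical copy made by `my %ENV=%{$envhash};`, so `$envhash`, which is what `output_results` receives in the next hunk, still carries the raw form values; the `basicexp` cleanup added to basicsearch has the same shape. The character class here also keeps `"` and `'`, the two characters that matter most if these values end up inside the `select * from metadata where $query` string, so quoting still has to happen in the query builder, which is outside this hunk. A comment such as `# NOTE: only the local %ENV copy is cleaned; quotes survive and must be escaped where the SQL is built` would make both limits visible. The date fields could take a stricter filter such as `s/\D//g`.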
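Review bot: The fourth argument of `output_results` now means two different things: the `if (@queries)` branch passes `$customquery`, while the `else` branch still passes `$query`. `$customquery` is also left undefined whenever `form.custommetadata` is empty. output_results is not part of this hunk, so whether it can tell the two cases apart is not visible here. Passing the same variable in both branches, or adding a comment like `# 4th arg: custom-metadata match expression, not the SQL text`, would remove the ambiguity.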
@@ -578,17 +600,7 @@ sub basicsearch { sub output_blank_field_error { my ($r)=@_; # make query information persistent to allow for subsequent revision - my $persistent=''; - map { - if (/^form\./ && !/submit/) { - my $name=$_; - my $key=$name; - $name=~s/^form\.//; - $persistent.=< -END - } - } (keys %ENV); + my $persistent=&make_persistent(); $r->print(< @@ -697,17 +709,7 @@ END } # make query information persistent to allow for subsequent revision - my $persistent=''; - map { - if (/^form\./ && !/submit/) { - my $name=$_; - my $key=$name; - $name=~s/^form\.//; - $persistent.=< -END - } - } (keys %ENV); + my $persistent=&make_persistent(); $r->print(< @@ -781,6 +783,17 @@ sub build_SQL_query { return $sql_query; } +# ------------------------------------------------- build custom metadata query +sub build_custommetadata_query { + my ($field_name,$logic_statement)=@_; + my $q=new Text::Query('abc', + -parse => 'Text::Query::ParseAdvanced', + -build => 'Text::Query::BuildAdvancedString'); + $q->prepare($logic_statement); + my $matchexp=${$q}{'-parse'}{'-build'}{'matchstring'}; + return $matchexp; +} + # - Recursively parse a reverse notation expression into a SQL query expression sub recursive_SQL_query_build { my ($dkey,$pattern)=@_; @@ -966,17 +979,7 @@ sub build_date_queries { sub output_date_error { my ($r,$message)=@_; # make query information persistent to allow for subsequent revision - my $persistent=''; - map { - if (/^form\./ && !/submit/) { - my $name=$_; - my $key=$name; - $name=~s/^form\.//; - $persistent.=< -END - } - } (keys %ENV); + my $persistent=&make_persistent(); $r->print(< @@ -1003,5 +1006,21 @@ $message RESULTS } +sub make_persistent { + my $persistent=''; + + map { + if (/^form\./ && !/submit/) { + my $name=$_; + my $key=$name; + $ENV{$key}=~s/\"/\\\"/g; + $name=~s/^form\.//; + $persistent.=< +END + } + } (keys %ENV); + return $persistent; +} 1; __END__
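Review bot: In build_custommetadata_query the result of `$q->prepare($logic_statement)` is never checked, and the match string is then read straight out of the object's internals with `${$q}{'-parse'}{'-build'}{'matchstring'}`. The cleanup in advancedsearch keeps parentheses and quotes, so an unbalanced user expression can reach the parser; whether Text::Query reports that through its return value or by dying, neither case is handled here. Something like `my $ok=eval { $q->prepare($logic_statement) }; return unless $ok;` would stop a rejected expression from reaching the caller as a stale or empty match string. `$field_name` is unused, and the `'abc'` constructor argument deserves a one-line comment saying why it is there.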
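Review bot: In make_persistent, `$ENV{$key}=~s/\"/\\\"/g;` backslash-escapes double quotes, which is not an HTML escape. The heredoc body is not visible on this page, but if the value is written into a quoted attribute of a form field, a `"` in the input still ends the attribute, and `<`, `>` and `&` pass through unchanged. The substitution also edits `%ENV` in place, so each call adds another backslash and later readers of the same keys see altered data. The `%ENV` read here is the package-level hash, not the cleaned lexical copies made in advancedsearch and basicsearch. Escaping a copy with HTML entities, in a plain `for` loop rather than `map` in void context, addresses all of these.

```perl
sub make_persistent {
    my $persistent='';
    for my $key (keys %ENV) {
        next unless $key=~/^form\./ && $key!~/submit/;
        (my $name=$key)=~s/^form\.//;
        # Escape a copy so the stored form value is left untouched.
        my $value=defined $ENV{$key} ? $ENV{$key} : '';
        $value=~s/&/&amp;/g;
        $value=~s/"/&quot;/g;
        $value=~s/</&lt;/g;
        $value=~s/>/&gt;/g;
        # … unchanged: heredoc append to $persistent, emitting $name and the escaped $value …
    }
    return $persistent;
}
```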