Skip to:
Content

BuddyPress.org

Changeset 3511


Ignore:
Timestamp:
12/04/2010 11:41:28 PM (14 years ago)
Author:
djpaul
Message:

Fix double-escaping of search string when performing search from the site-wide search box. Partially addresses #2776.

Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-blogs/bp-blogs-templatetags.php

    r3481 r3511  
    503503
    504504function bp_directory_blogs_search_form() {
    505     global $bp; ?>
     505    global $bp;
     506
     507    $search_value = __( 'Search anything...', 'buddypress' );
     508    if ( !empty( $_GET['s'] ) )
     509        $search_value = stripslashes( $_GET['s'] );
     510
     511    ?>
    506512    <form action="" method="get" id="search-blogs-form">
    507         <label><input type="text" name="s" id="blogs_search" value="<?php if ( isset( $_GET['s'] ) ) { echo $_GET['s']; } else { _e( 'Search anything...', 'buddypress' ); } ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
     513        <label><input type="text" name="s" id="blogs_search" value="<?php echo esc_attr( $search_value ) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
    508514        <input type="submit" id="blogs_search_submit" name="blogs_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
    509515    </form>
  • trunk/bp-core.php

    r3490 r3511  
    16791679 * @package BuddyPress Core
    16801680 * @global $bp The global BuddyPress settings variable created in bp_core_setup_globals()
    1681  * @param $slug The slug to redirect to for searching.
    1682  */
    1683 function bp_core_action_search_site( $slug = false ) {
    1684     global $bp;
    1685 
    1686     if ( $bp->current_component == BP_SEARCH_SLUG ) {
    1687         $search_terms = $_POST['search-terms'];
    1688         $search_which = $_POST['search-which'];
    1689 
    1690         if ( !$slug || empty( $slug ) ) {
    1691             switch ( $search_which ) {
    1692                 case 'members': default:
    1693                     $slug = $bp->members->slug;
    1694                     $var = '/?s=';
    1695                     break;
    1696                 case 'groups':
    1697                     $slug = BP_GROUPS_SLUG;
    1698                     $var = '/?s=';
    1699                     break;
    1700                 case 'forums':
    1701                     $slug = BP_FORUMS_SLUG;
    1702                     $var = '/?fs=';
    1703                     break;
    1704                 case 'blogs':
    1705                     $slug = BP_BLOGS_SLUG;
    1706                     $var = '/?s=';
    1707                     break;
    1708             }
     1681 * @param string $slug The slug to redirect to for searching.
     1682 */
     1683function bp_core_action_search_site( $slug = '' ) {
     1684    global $bp;
     1685
     1686    if ( BP_SEARCH_SLUG != $bp->current_component )
     1687        return;
     1688
     1689    if ( empty( $_POST['search-terms'] ) ) {
     1690        bp_core_redirect( $bp->root_domain );
     1691        return;
     1692    }
     1693
     1694    $search_terms = stripslashes( $_POST['search-terms'] );
     1695    $search_which = !empty( $_POST['search-which'] ) ? $_POST['search-which'] : '';
     1696    $query_string = '/?s=';
     1697
     1698    if ( empty( $slug ) ) {
     1699        switch ( $search_which ) {
     1700            case 'blogs':
     1701                $slug = bp_is_active( 'blogs' )  ? $bp->blogs->slug  : '';
     1702                break;
     1703            case 'forums':
     1704                $slug = bp_is_active( 'forums' ) ? $bp->forums->slug : '';
     1705                $query_string = '/?fs=';
     1706                break;
     1707            case 'groups':
     1708                $slug = bp_is_active( 'groups' ) ? $bp->groups->slug : '';
     1709                break;
     1710            case 'members':
     1711            default:
     1712                $slug = $bp->members->slug;
     1713                break;
    17091714        }
    17101715
    1711         $search_url = apply_filters( 'bp_core_search_site', site_url( $slug . $var . urlencode($search_terms) ), $search_terms );
    1712 
    1713         bp_core_redirect( $search_url );
    1714     }
     1716        if ( empty( $slug ) ) {
     1717            bp_core_redirect( $bp->root_domain );
     1718            return;
     1719        }
     1720    }
     1721
     1722    bp_core_redirect( apply_filters( 'bp_core_search_site', site_url( $slug . $query_string . urlencode( $search_terms ) ), $search_terms ) );
    17151723}
    17161724add_action( 'init', 'bp_core_action_search_site', 5 );
  • trunk/bp-core/bp-core-templatetags.php

    r3503 r3511  
    457457    $search_value = __( 'Search anything...', 'buddypress' );
    458458    if ( !empty( $_GET['s'] ) )
    459         $search_value = $_GET['s'];
     459        $search_value = stripslashes( $_GET['s'] );
    460460
    461461    ?>
  • trunk/bp-forums/bp-forums-templatetags.php

    r3479 r3511  
    10311031    $search_value = __( 'Search anything...', 'buddypress' );
    10321032    if ( !empty( $_REQUEST['fs'] ) )
    1033         $search_value = $_REQUEST['fs'];
     1033        $search_value = stripslashes( $_REQUEST['fs'] );
    10341034
    10351035?>
    10361036    <form action="" method="get" id="search-forums-form">
    1037         <label><input type="text" name="s" id="forums_search" value="<?php echo esc_attr($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
     1037        <label><input type="text" name="s" id="forums_search" value="<?php echo esc_attr( $search_value ) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
    10381038        <input type="submit" id="forums_search_submit" name="forums_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
    10391039    </form>
  • trunk/bp-groups/bp-groups-templatetags.php

    r3479 r3511  
    18361836
    18371837    $search_value = __( 'Search anything...', 'buddypress' );
    1838     if ( isset( $_REQUEST['s'] ) && !empty( $_REQUEST['s'] ) )
    1839         $search_value = $_REQUEST['s'];
     1838    if ( !empty( $_REQUEST['s'] ) )
     1839        $search_value = stripslashes( $_REQUEST['s'] );
    18401840
    18411841?>
    18421842    <form action="" method="get" id="search-groups-form">
    1843         <label><input type="text" name="s" id="groups_search" value="<?php echo esc_attr($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
     1843        <label><input type="text" name="s" id="groups_search" value="<?php echo esc_attr( $search_value ) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
    18441844        <input type="submit" id="groups_search_submit" name="groups_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
    18451845    </form>
Note: See TracChangeset for help on using the changeset viewer.