From 7f39d5b695f90f5d622f9b070a5a4815c584e707 Mon Sep 17 00:00:00 2001
From: plegall
Date: Fri, 17 Jan 2014 12:50:14 +0000
Subject: bug 3020 and bug 3021 fixed: additionnal checks in search inputs

git-svn-id: http://piwigo.org/svn/trunk@26825 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/functions_search.inc.php | 6 ++++++
 search.php | 5 ++++-
 search_rules.php | 2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/include/functions_search.inc.php b/include/functions_search.inc.php
index 66452459e..9cf50d602 100644
--- a/include/functions_search.inc.php
+++ b/include/functions_search.inc.php
@@ -113,6 +113,12 @@ function get_sql_search_clause($search)
 create_function('&$s','$s="(".$s.")";')
 );
+ // make sure the "mode" is either OR or AND
+ if ($search['fields']['allwords']['mode'] != 'AND' and $search['fields']['allwords']['mode'] != 'OR')
+ {
+ $search['fields']['allwords']['mode'] = 'AND';
+ }
+
 $clauses[] = "\n ". implode(
 "\n ". $search['fields']['allwords']['mode']. "\n ",
diff --git a/search.php b/search.php
index 43451cb7c..6feee2780 100644
--- a/search.php
+++ b/search.php
@@ -47,6 +47,8 @@ if (isset($_POST['submit']))
 if (isset($_POST['search_allwords']) and !preg_match('/^\s*$/', $_POST['search_allwords']))
 {
+ check_input_parameter('mode', $_POST, false, '/^(OR|AND)$/');
+
 $drop_char_match = array(
 '-','^','$',';','#','&','(',')','<','>','`','\'','"','|',',','@','_',
 '?','%','~','.','[',']','{','}',':','\\','/','=','\'','!','*');
@@ -73,6 +75,7 @@ if (isset($_POST['submit']))
 if (isset($_POST['tags']))
 {
 check_input_parameter('tags', $_POST, true, PATTERN_ID);
+ check_input_parameter('tag_mode', $_POST, false, '/^(OR|AND)$/');
 $search['fields']['tags'] = array(
 'words' => $_POST['tags'],
@@ -85,7 +88,7 @@ if (isset($_POST['submit']))
 $search['fields']['author'] = array(
 'words' => preg_split(
 '/\s+/',
- $_POST['search_author']
+ strip_tags($_POST['search_author'])
 ),
 'mode' => 'OR',
 );
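Review bot: The new guard in get_sql_search_clause reads `$search['fields']['allwords']['mode']` without checking that the key exists and compares it with loose `!=`, so a missing key raises a notice before the fallback to AND kicks in, and a non-string value goes through PHP's loose comparison rules. Because that value is concatenated straight into the SQL fragment on the `implode` line just below, an allow-list is the right control here and is clearer written strictly: `if (!isset($search['fields']['allwords']['mode']) or !in_array($search['fields']['allwords']['mode'], array('AND', 'OR'), true))`. A why-comment would also help the next reader, e.g. `// allow-list: "mode" is interpolated into the SQL clause, never trust the incoming value`. get_sql_search_clause starts and ends outside the hunk.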
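Review bot: The pattern `/^(OR|AND)$/` passed to check_input_parameter for `mode` accepts a value with a trailing newline, because in PCRE `$` also matches just before a final `\n`; anchoring with the `D` modifier (or `\z`) closes that gap: `check_input_parameter('mode', $_POST, false, '/^(OR|AND)$/D');`. The same pattern is used for `tag_mode` in the following hunk (`@@ -73,6 +75,7 @@`) and should get the same treatment. Note also that the `mode` check only runs inside the `search_allwords` branch; if `$_POST['mode']` is read anywhere outside that branch (not visible here), that read stays unvalidated. The enclosing `if (isset($_POST['submit']))` block starts and ends outside the hunk.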
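Review bot: `strip_tags()` on `$_POST['search_author']` is an input-side cleanup rather than an escaper: it removes tag syntax but leaves quotes, `&` and other characters that matter in HTML-attribute, JavaScript or SQL contexts untouched, and it silently alters what the user typed (a literal `<` in an author name is dropped). The robust control is to keep the raw words here and escape per output context where they are rendered (`htmlspecialchars($w, ENT_QUOTES, 'UTF-8')`) and with the database driver's escaping (or bound parameters) where the SQL clause is built; keeping `strip_tags` as defense in depth is reasonable if its role is stated, e.g. `// defense in depth only: author words must still be escaped at output and when building SQL`. How the `author` words reach the SQL clause is not visible in this hunk.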
diff --git a/search_rules.php b/search_rules.php
index 371262d44..34854d2e0 100644
--- a/search_rules.php
+++ b/search_rules.php
@@ -107,7 +107,7 @@ if (isset($search['fields']['author']))
 'search_words',
 l10n(
 'author(s) : %s',
- join(', ', $search['fields']['author']['words'])
+ join(', ', array_map('strip_tags', $search['fields']['author']['words']))
 )
 );
 }
--
cgit v1.2.3
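Review bot: `array_map('strip_tags', ...)` at display time removes tag syntax but leaves `"`, `'` and `&` alone, so it only covers the plain text-node case; if the l10n result assigned under `search_words` is emitted without template escaping, `htmlspecialchars` is the primitive for this context: `join(', ', array_map('htmlspecialchars', $search['fields']['author']['words']))`. If the template layer already escapes on output, the call is redundant and a short comment saying so, e.g. `// template escapes on output; strip_tags kept for search rules saved before this fix`, would stop the next reader from treating strip_tags as the escaping step. Whether the template escapes, and whether search rules are persisted, is not visible here.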