merge r26825 from trunk to branch 2.5

bug 3020 and bug 3021 fixed: additionnal checks in search inputs



git-svn-id: http://piwigo.org/svn/branches/2.5@27933 68402e56-0260-453c-a942-63ccdbb3a9ee

include/functions_search.inc.php

@@ -117,9 +117,13 @@ function get_sql_search_clause($search)
       create_function('&$s','$s="(".$s.")";')
       );
 
-    array_push(
-      $clauses,
-      "\n         ".
+    // make sure the "mode" is either OR or AND
+    if ($search['fields']['allwords']['mode'] != 'AND' and $search['fields']['allwords']['mode'] != 'OR')
+    {
+      $search['fields']['allwords']['mode'] = 'AND';
+    }
+
+    $clauses[] = "\n         ".
       implode(
         "\n         ".
               $search['fields']['allwords']['mode'].

search.php

@@ -47,6 +47,8 @@ if (isset($_POST['submit']))
   if (isset($_POST['search_allwords'])
       and !preg_match('/^\s*$/', $_POST['search_allwords']))
   {
+    check_input_parameter('mode', $_POST, false, '/^(OR|AND)$/');
+    
     $drop_char_match = array(
       '-','^','$',';','#','&','(',')','<','>','`','\'','"','|',',','@','_',
       '?','%','~','.','[',']','{','}',':','\\','/','=','\'','!','*');
@@ -73,6 +75,7 @@ if (isset($_POST['submit']))
   if (isset($_POST['tags']))
   {
     check_input_parameter('tags', $_POST, true, PATTERN_ID);
+    check_input_parameter('tag_mode', $_POST, false, '/^(OR|AND)$/');
     
     $search['fields']['tags'] = array(
       'words' => $_POST['tags'],
@@ -85,7 +88,7 @@ if (isset($_POST['submit']))
     $search['fields']['author'] = array(
       'words' => preg_split(
         '/\s+/',
-        $_POST['search_author']
+        strip_tags($_POST['search_author'])
         ),
       'mode' => 'OR',
       );

search_rules.php

@@ -106,7 +106,7 @@ if (isset($search['fields']['author']))
     'search_words',
      sprintf(
           l10n('author(s) : %s'),
-          join(', ', $search['fields']['author']['words'])
+          join(', ', array_map('strip_tags', $search['fields']['author']['words']))
         )
       );
 }