From 882206731128080aac22f6c2aa43ffdb3b9f77a7 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Mon, 9 Dec 2013 17:24:11 +0100 Subject: [PATCH] fix search for webspace and traffic related values, also, for integer fields (like diskspace) you can now use the following operators when searching: >, < and =; fixes #772 Signed-off-by: Michael Kaufmann (d00p) --- lib/classes/output/class.paging.php | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/lib/classes/output/class.paging.php b/lib/classes/output/class.paging.php index 5bdf4d8b..ba3033ee 100644 --- a/lib/classes/output/class.paging.php +++ b/lib/classes/output/class.paging.php @@ -175,7 +175,7 @@ class paging { && (preg_match('/[-_@\p{L}\p{N}*.]+$/u', $_REQUEST['searchtext']) || $_REQUEST['searchtext'] === '') ) { - $this->searchtext = $_REQUEST['searchtext']; + $this->searchtext = trim($_REQUEST['searchtext']); } else { if ($checklastpaging && isset($this->userinfo['lastpaging']['searchtext']) @@ -279,8 +279,27 @@ class paging { } $searchfield = implode('.', $searchfield); - $searchtext = str_replace('*', '%', $this->searchtext); - $condition.= $searchfield . " LIKE " . Database::quote($searchtext); + // check for logical operators and whether searchtext is a number + // in any other case the logical-operators would make no sense + $ops = array('<', '>', '='); + if (in_array(substr($this->searchtext, 0, 1), $ops) && is_numeric(substr($this->searchtext, 1))) { + // if we're checking on traffic or diskspace, we need to adjust the search-value + if (strpos($searchfield, 'diskspace') > 0) { + // anything with diskspace is *1024 + $searchtext = ((int)substr($this->searchtext, 1))*1024; + } elseif (strpos($searchfield, 'traffic') > 0) { + // anything with traffic is *1024*1024 + $searchtext = ((int)substr($this->searchtext, 1))*1024*1024; + } else { + // any other field + $searchtext = substr($this->searchtext, 1); + } + // now as we use >, < or = we use the given operator and not LIKE + $condition.= $searchfield . " ".substr($this->searchtext, 0, 1)." " . Database::quote($searchtext); + } else { + $searchtext = str_replace('*', '%', $this->searchtext); + $condition.= $searchfield . " LIKE " . Database::quote($searchtext); + } } else { $condition = ''; }