Exemple #1
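 /**
  * Search page: validates the submitted search text, runs the paged search
  * and renders the main layout with the matching content view.
  *
  * Reads $_POST['search_btn'], $_POST['search_text'] and the 'page' query
  * parameter; outputs the 'main/index_v' view.
  *
  * @return void
  */
 public function index()
 {
     $this->load->helper('security');
     // Start from a defined array so every branch hands the views the same variable.
     $data = array();
     if (isset($_POST['search_btn'])) {
         // Check presence and type before measuring: calling mb_strlen() on a missing
         // index or on an array value raises a notice / type error before validation runs.
         $has_text = isset($_POST['search_text']) && is_string($_POST['search_text']);
         $len = $has_text ? mb_strlen($_POST['search_text']) : 0;
         if ($has_text and $len > 2) {
             $search_text = encode_php_tags($this->input->post('search_text', TRUE));
             $this->load->model('search_m');
             // NOTE(review): mysql_real_escape_string() belongs to ext/mysql, which was removed
             // in PHP 7.0. Query bindings inside search_m would be the durable replacement;
             // the model's SQL is not visible here, so the call is left in place.
             $search_text = mysql_real_escape_string($search_text);
             $count = $this->search_m->search_text($search_text);
             // NOTE(review): the views receive the SQL-escaped string. SQL escaping is not
             // HTML encoding, so the views still have to encode this value on output - confirm.
             $data['search_text'] = $search_text;
             if ($count['count'] != 0) {
                 /* pager */
                 $this->load->library('pager');
                 $tmp = $this->input->get('page');
                 // Fall back to the first page when no page number was requested.
                 $current_page_value = $tmp != '' ? $tmp : 1;
                 $config['base_url'] = base_url() . "search";
                 $config['total_rows'] = $count['count'];
                 $config['per_page'] = 10;
                 $config['current_page'] = $current_page_value;
                 $this->pager->initializer($config);
                 $data['pager'] = $this->pager->create_links();
                 $data['result'] = $this->search_m->search_text($search_text, $config['per_page'], $this->pager->requested_page());
                 if ($search_text != NULL) {
                     $data['content'] = $this->load->view('search/search_v.php', $data, true);
                 } else {
                     $data['content'] = $this->load->view('search/search_notext_v.php', $data, true);
                 }
             } else {
                 $data['content'] = $this->load->view('search/search_no_results_v', $data, true);
             }
         } else {
             // Search text missing or shorter than three characters: tell the user and
             // send the browser back. No 'content' entry is set on this path.
             echo "<script>alert('Поисковая строка не может быть короче трех символов')</script>";
             echo "<script>window.history.back()</script>";
         }
     } else {
         $data['content'] = $this->load->view('search/search_notext_v', '', true);
     }
     // Fetch the menu for the sidebar
     $this->load->model('commerce/commerce_m');
     $data['subcategory'] = $this->commerce_m->get_all_subcategories();
     $data['category'] = $this->commerce_m->get_all_categories();
     /* Authorization block */
     $data['auth_form'] = $this->load->module('auth')->auth_block_generator();
     /* Meta tags */
     $data['seo_title'] = 'Поиск по сайту';
     $data['seo_description'] = 'Поиск по сайту';
     $data['seo_keywords'] = 'Поиск по сайту';
     $this->load->view('main/index_v', $data);
 }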
Exemple #2
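 /**
  * Collect the named POST fields and normalise every non-array value.
  *
  * Each field is read through $this->SV->input->post($name, TRUE) and, unless
  * the value is an array, passed through strip_image_tags(),
  * quotes_to_entities(), encode_php_tags() and trim(), in that order.
  *
  * NOTE(review): array values are returned exactly as post() produced them;
  * none of the four helper passes is applied to their elements.
  * NOTE(review): these helpers rewrite markup; they do not make a value safe
  * for SQL, and output encoding is still the view's job - confirm at the call sites.
  *
  * @param array $value list of POST field names to read
  * @return array map of field name => cleaned value (empty array for an empty list)
  */
 function acceptData($value)
 {
     // Defined up front so an empty field list returns array() rather than an undefined variable.
     $data = array();
     foreach ($value as $val) {
         // presumably CodeIgniter's input class, where the TRUE flag requests XSS filtering - confirm
         $data[$val] = $this->SV->input->post($val, TRUE);
         if (!is_array($data[$val])) {
             $data[$val] = strip_image_tags($data[$val]);
             $data[$val] = quotes_to_entities($data[$val]);
             $data[$val] = encode_php_tags($data[$val]);
             $data[$val] = trim($data[$val]);
         }
     }
     return $data;
 }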
Exemple #3
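 /**
  * Typographic parser
  *
  * Runs a string through the full typography pipeline: preference setup,
  * PHP/EE tag encoding, BBCode protection, HTML formatting, auto-linking,
  * text formatting (built-in, Markdown or plugin), emoticons, word censoring
  * and e-mail encoding, with extension hooks at the start and at the end.
  *
  * Note: The processing order is very important in this function so don't change it!
  *
  * Side effects visible here: the text_format, html_format, auto_links and
  * allow_img_url properties are overwritten from $prefs and keep their new
  * values after the call.
  *
  * @param string $str   text to process
  * @param array  $prefs optional keys: text_format, html_format, auto_links, allow_img_url
  * @return string|null processed text; nothing is returned when $str is empty
  */
 public function parse_type($str, $prefs = '')
 {
     if ($this->parse_images === TRUE) {
         $this->file_paths = ee()->functions->fetch_file_paths();
     }
     // In the future, we might think about caching all of this processing, ya know.
     // Do an md5 of the content, process it, store it, retrieve it, et cetera.
     // Not sure how the clearing of it out would go, and if we stored it in the database
     // that does add yet another query.  Hmmmm.  -Paul
     if ($str == '') {
         return;
     }
     // -------------------------------------------
     // 'typography_parse_type_start' hook.
     //  - Modify string prior to all other typography processing
     //
     if (ee()->extensions->active_hook('typography_parse_type_start') === TRUE) {
         $str = ee()->extensions->call('typography_parse_type_start', $str, $this, $prefs);
     }
     //
     // -------------------------------------------
     // Set up our preferences
     if (is_array($prefs)) {
         if (isset($prefs['text_format'])) {
             if ($prefs['text_format'] == 'none') {
                 $this->text_format = 'none';
             } elseif (in_array($prefs['text_format'], $this->text_fmt_types)) {
                 $this->text_format = $prefs['text_format'];
             } elseif (isset($this->text_fmt_plugins[$prefs['text_format']]) && (file_exists(PATH_PI . 'pi.' . $prefs['text_format'] . '.php') or file_exists(PATH_THIRD . $prefs['text_format'] . '/pi.' . $prefs['text_format'] . '.php'))) {
                 // A plugin name is accepted only when it is a key of text_fmt_plugins and its
                 // file exists. This gate matters because the name is later concatenated into
                 // a require_once path in the 'Format text' switch.
                 $this->text_format = $prefs['text_format'];
             }
         }
         if (isset($prefs['html_format']) and in_array($prefs['html_format'], $this->html_fmt_types)) {
             $this->html_format = $prefs['html_format'];
         }
         if (isset($prefs['auto_links']) and in_array($prefs['auto_links'], $this->yes_no_syntax)) {
             $this->auto_links = $prefs['auto_links'];
         }
         if (isset($prefs['allow_img_url']) and in_array($prefs['allow_img_url'], $this->yes_no_syntax)) {
             $this->allow_img_url = $prefs['allow_img_url'];
         }
     }
     // If we're dealing with a separate parser (e.g. Markdown)
     $separate_parser = ($this->text_format == 'markdown');
     // Encode PHP tags
     //
     // Before we do anything else, we'll convert PHP tags into character entities.
     // This is so that PHP submitted in channel entries, comments, etc. won't get parsed.
     // Since you can enable templates to parse PHP, it would open up a security
     // hole to leave PHP submitted in entries and comments intact.
     //
     // If we're dealing with a separate parser, don't encode now in case of
     // code snippets; the encoding then happens after the 'Format text' switch.
     ee()->load->helper('security');
     if (!$separate_parser) {
         $str = encode_php_tags($str);
     }
     // Encode EE tags
     // Next, we need to encode EE tags contained in entries, comments, etc. so that they don't get parsed.
     $str = ee()->functions->encode_ee_tags($str, $this->convert_curly);
     // Are single lines considered paragraphs?
     if ($this->single_line_pgfs != TRUE) {
         if ($this->text_format == 'xhtml' and strpos($str, "\r") === FALSE and strpos($str, "\n") === FALSE) {
             $this->text_format = 'lite';
         }
     }
     //  Fix emoticon bug
     $str = str_replace(array('>:-(', '>:('), array(':angry:', ':mad:'), $str);
     // Highlight text within [code] tags
     // If highlighting is enabled, we'll highlight <pre> tags as well.
     if ($this->highlight_code == TRUE) {
         $str = str_replace(array('[pre]', '[/pre]'), array('[code]', '[/code]'), $str);
     }
     // We don't want BBCode parsed if it's within code examples so we'll convert the brackets
     $str = $this->_protect_bbcode($str);
     //  Strip IMG tags if not allowed
     if ($this->allow_img_url == 'n') {
         $str = $this->strip_images($str);
     }
     //  Format HTML
     $str = $this->format_html($str);
     //  Auto-link URLs and email addresses
     if ($this->auto_links == 'y' && !$separate_parser) {
         $str = $this->auto_linker($str);
     }
     //  Parse file paths (in images)
     $str = $this->parse_file_paths($str);
     // Convert HTML links in CP to BBCode
     //
     // Forces HTML links output in the control panel to BBCode so they will be formatted
     // as redirects, to prevent the control panel address from showing up in referrer logs
     // except when sending emails, where we don't want created links piped through the site
     if (REQ == 'CP' && ee()->input->get('M') != 'send_email' && strpos($str, 'href=') !== FALSE) {
         $str = preg_replace("#<a\\s+(.*?)href=(\"|')([^\\2]*?)\\2(.*?)\\>(.*?)</a>#si", "[url=\"\\3\"\\1\\4]\\5[/url]", $str);
     }
     //  Decode BBCode
     $str = $this->decode_bbcode($str);
     // Format text
     switch ($this->text_format) {
         case 'none':
             break;
         case 'xhtml':
             $str = $this->auto_typography($str);
             break;
         case 'markdown':
             $str = $this->markdown($str, $prefs);
             break;
         case 'lite':
             // Used with channel entry titles
             $str = $this->format_characters($str);
             break;
         case 'br':
             $str = $this->nl2br_except_pre($str);
             break;
         default:
             // Plugin of some sort
             if (!class_exists('EE_Template')) {
                 require APPPATH . 'libraries/Template.php';
                 ee()->TMPL = new EE_Template();
             }
             $plugin = ucfirst($this->text_format);
             if (!class_exists($plugin)) {
                 // The include path is built from the text_format property, not from $prefs.
                 // Within this method that property is only replaced by a $prefs value that
                 // passed the preference checks above; other writers are not visible here.
                 if (in_array($this->text_format, ee()->core->native_plugins)) {
                     require_once PATH_PI . 'pi.' . $this->text_format . '.php';
                 } else {
                     require_once PATH_THIRD . $this->text_format . '/pi.' . $this->text_format . '.php';
                 }
             }
             if (class_exists($plugin)) {
                 $PLG = new $plugin($str);
                 if (isset($PLG->return_data)) {
                     $str = $PLG->return_data;
                 }
             }
             break;
     }
     // Encode PHP post-Markdown parsing
     if ($separate_parser) {
         $str = encode_php_tags($str);
     }
     //  Parse emoticons
     $str = $this->emoticon_replace($str);
     //  Parse censored words
     // The comparison belongs outside count(): the original counted the boolean result of
     // `$this->censored_words > 0`, which warns on PHP 7.2+ and throws a TypeError on PHP 8.
     if ($this->word_censor === TRUE && count($this->censored_words) > 0) {
         ee()->load->helper('text');
         $str = word_censor($str, $this->censored_words, $this->censored_replace);
     }
     // Decode and spam-protect email addresses
     //
     // {encode="*****@*****.**" title="Click Me"}
     // Note: We only do this here if it's a CP request since the
     // template parser handles this for page requests
     if (REQ == 'CP' && strpos($str, '{encode=') !== FALSE) {
         if (preg_match_all("/\\{encode=(.+?)\\}/i", $str, $matches)) {
             for ($j = 0; $j < count($matches['0']); $j++) {
                 $str = str_replace($matches['0'][$j], ee()->functions->encode_email($matches['1'][$j]), $str);
             }
         }
     }
     // Standard email addresses
     $str = $this->decode_emails($str);
     // Insert the cached code tags
     $str = $this->_convert_code_markers($str);
     // -------------------------------------------
     // 'typography_parse_type_end' hook.
     //  - Modify string after all other typography processing
     //
     // NOTE(review): nothing after this hook re-encodes PHP or EE tags, so the hook's
     // return value is handed back to the caller as-is.
     if (ee()->extensions->active_hook('typography_parse_type_end') === TRUE) {
         $str = ee()->extensions->call('typography_parse_type_end', $str, $this, $prefs);
     }
     //
     // -------------------------------------------
     return $str;
 }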
Exemple #4
 /**
  * Encode PHP Tags (prep)
  *
  * Passes the named property of this object through encode_php_tags() and
  * stores the result back in the same property.
  * This replaces the version in CI_Form_validation.
  *
  * @param string $field name of the property to rewrite in place
  * @return void
  * @ignore
  */
 protected function _encode_php_tags($field)
 {
     $encoded = encode_php_tags($this->{$field});
     $this->{$field} = $encoded;
 }
Exemple #5
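 /**
  * Typographic parser
  *
  * Encodes PHP and EE tags, applies the formatting preferences, protects and
  * decodes BBCode, formats HTML and text (built-in formats or a plugin),
  * replaces emoticons and censored words, encodes e-mail addresses and
  * restores cached code chunks. Extension hooks run first and last.
  *
  * Statement order is kept exactly as published; later steps depend on the
  * markers and encodings produced by earlier ones.
  *
  * @param string $str   text to process
  * @param array  $prefs optional keys: text_format, html_format, auto_links, allow_img_url
  * @return string|null processed text; nothing is returned when $str is empty
  */
 function parse_type($str, $prefs = '')
 {
     if ($this->parse_images === TRUE) {
         $this->file_paths = $this->EE->functions->fetch_file_paths();
     }
     // In the future, we might think about caching all of this processing, ya know.
     // Do an md5 of the content, process it, store it, retrieve it, et cetera.
     // Not sure how the clearing of it out would go, and if we stored it in the database
     // that does add yet another query.  Hmmmm.  -Paul
     if ($str == '') {
         return;
     }
     // -------------------------------------------
     // 'typography_parse_type_start' hook.
     //  - Modify string prior to all other typography processing
     //
     if ($this->EE->extensions->active_hook('typography_parse_type_start') === TRUE) {
         $str = $this->EE->extensions->call('typography_parse_type_start', $str, $this, $prefs);
     }
     //
     // -------------------------------------------
     // Encode PHP tags
     //
     // Before we do anything else, we'll convert PHP tags into character entities.
     // This is so that PHP submitted in channel entries, comments, etc. won't get parsed.
     // Since you can enable templates to parse PHP, it would open up a security
     // hole to leave PHP submitted in entries and comments intact.
     $this->EE->load->helper('security');
     $str = encode_php_tags($str);
     // Encode EE tags
     // Next, we need to encode EE tags contained in entries, comments, etc. so that they don't get parsed.
     $str = $this->EE->functions->encode_ee_tags($str, $this->convert_curly);
     // Set up our preferences
     if (is_array($prefs)) {
         if (isset($prefs['text_format'])) {
             if ($prefs['text_format'] != 'none') {
                 if (in_array($prefs['text_format'], $this->text_fmt_types)) {
                     $this->text_format = $prefs['text_format'];
                 } else {
                     // A plugin name is accepted only when it is a key of text_fmt_plugins
                     // and its file exists under PATH_PI or PATH_THIRD.
                     if (isset($this->text_fmt_plugins[$prefs['text_format']]) and (file_exists(PATH_PI . 'pi.' . $prefs['text_format'] . EXT) or file_exists(PATH_THIRD . $prefs['text_format'] . '/pi.' . $prefs['text_format'] . EXT))) {
                         $this->text_format = $prefs['text_format'];
                     }
                 }
             } else {
                 $this->text_format = 'none';
             }
         }
         if (isset($prefs['html_format']) and in_array($prefs['html_format'], $this->html_fmt_types)) {
             $this->html_format = $prefs['html_format'];
         }
         if (isset($prefs['auto_links']) and in_array($prefs['auto_links'], $this->yes_no_syntax)) {
             $this->auto_links = $prefs['auto_links'];
         }
         if (isset($prefs['allow_img_url']) and in_array($prefs['allow_img_url'], $this->yes_no_syntax)) {
             $this->allow_img_url = $prefs['allow_img_url'];
         }
     }
     // Are single lines considered paragraphs?
     if ($this->single_line_pgfs != TRUE) {
         if ($this->text_format == 'xhtml' and strpos($str, "\r") === FALSE and strpos($str, "\n") === FALSE) {
             $this->text_format = 'lite';
         }
     }
     //  Fix emoticon bug
     $str = str_replace(array('>:-(', '>:('), array(':angry:', ':mad:'), $str);
     // Highlight text within [code] tags
     // If highlighting is enabled, we'll highlight <pre> tags as well.
     if ($this->highlight_code == TRUE) {
         $str = str_replace(array('[pre]', '[/pre]'), array('[code]', '[/code]'), $str);
     }
     // We don't want BBCode parsed if it's within code examples so we'll convert the brackets
     if (strpos($str, '[code]') !== FALSE) {
         if (preg_match_all("/\\[code\\](.+?)\\[\\/code\\]/si", $str, $matches)) {
             for ($i = 0; $i < count($matches['1']); $i++) {
                 $temp = str_replace(array('[', ']'), array('&#91;', '&#93;'), $matches['1'][$i]);
                 $str = str_replace($matches['0'][$i], '[code]' . $temp . '[/code]', $str);
             }
         }
         if ($this->highlight_code == TRUE) {
             $str = $this->text_highlight($str);
         } else {
             $str = str_replace(array('[code]', '[/code]'), array('<code>', '</code>'), $str);
         }
     }
     //  Strip IMG tags if not allowed
     if ($this->allow_img_url == 'n') {
         $str = $this->strip_images($str);
     }
     //  Format HTML
     $str = $this->format_html($str);
     //  Auto-link URLs and email addresses
     if ($this->auto_links == 'y' and $this->html_format != 'none') {
         $str = $this->auto_linker($str);
     }
     //  Parse file paths (in images)
     $str = $this->parse_file_paths($str);
     // Convert HTML links in CP to BBCode
     //
     // Forces HTML links output in the control panel to BBCode so they will be formatted
     // as redirects, to prevent the control panel address from showing up in referrer logs
     // except when sending emails, where we don't want created links piped through the site
     if (REQ == 'CP' && $this->EE->input->get('M') != 'send_email' && strpos($str, 'href=') !== FALSE) {
         $str = preg_replace("#<a\\s+(.*?)href=(\"|')([^\\2]*?)\\2(.*?)\\>(.*?)</a>#si", "[url=\"\\3\"\\1\\4]\\5[/url]", $str);
     }
     //  Decode BBCode
     $str = $this->decode_bbcode($str);
     // Format text
     switch ($this->text_format) {
         case 'none':
             break;
         case 'xhtml':
             $str = $this->xhtml_typography($str);
             break;
         case 'lite':
             // Used with channel entry titles
             $str = $this->format_characters($str);
             break;
         case 'br':
             $str = $this->nl2br_except_pre($str);
             break;
         default:
             // Plugin of some sort
             if (!class_exists('EE_Template')) {
                 require APPPATH . 'libraries/Template' . EXT;
                 $this->EE->TMPL = new EE_Template();
             }
             // Build the class name and include path from the text_format property rather
             // than from $prefs['text_format']. The raw preference reaches this branch even
             // when it failed the text_fmt_plugins / file_exists checks above (the property
             // then still holds an earlier plugin name), and $prefs may not be an array at all.
             $plugin = ucfirst($this->text_format);
             if (!class_exists($plugin)) {
                 if (in_array($this->text_format, $this->EE->core->native_plugins)) {
                     require_once PATH_PI . 'pi.' . $this->text_format . EXT;
                 } else {
                     require_once PATH_THIRD . $this->text_format . '/pi.' . $this->text_format . EXT;
                 }
             }
             if (class_exists($plugin)) {
                 $PLG = new $plugin($str);
                 if (isset($PLG->return_data)) {
                     $str = $PLG->return_data;
                 }
             }
             break;
     }
     //  Parse emoticons
     $str = $this->emoticon_replace($str);
     //  Parse censored words
     // The comparison belongs outside count(): the original counted the boolean result of
     // `$this->censored_words > 0`, which warns on PHP 7.2+ and throws a TypeError on PHP 8.
     if ($this->word_censor === TRUE && count($this->censored_words) > 0) {
         $this->EE->load->helper('text');
         $str = word_censor($str, $this->censored_words, $this->censored_replace);
     }
     // Decode and spam-protect email addresses
     //
     // {encode="*****@*****.**" title="Click Me"}
     // Note: We only do this here if it's a CP request since the
     // template parser handles this for page requests
     if (REQ == 'CP' && strpos($str, '{encode=') !== FALSE) {
         if (preg_match_all("/\\{encode=(.+?)\\}/i", $str, $matches)) {
             for ($j = 0; $j < count($matches['0']); $j++) {
                 $str = str_replace($matches['0'][$j], $this->EE->functions->encode_email($matches['1'][$j]), $str);
             }
         }
     }
     // Standard email addresses
     $str = $this->decode_emails($str);
     // Insert the cached code tags
     //
     // The highlight function called earlier converts the original code strings into markers
     // so that the auth_xhtml function doesn't attempt to process the highlighted code chunks.
     // Here we convert the markers back to their correct state.
     if (count($this->code_chunks) > 0) {
         foreach ($this->code_chunks as $key => $val) {
             if ($this->text_format == 'legacy_typography') {
                 // First line takes care of the line break that might be there, which should
                 // be a line break because it is just a simple break from the [code] tag.
                 $str = str_replace('<div class="codeblock">{' . $key . 'yH45k02wsSdrp}</div>' . "\n<br />", '</p><div class="codeblock">' . $val . '</div><p>', $str);
                 $str = str_replace('<div class="codeblock">{' . $key . 'yH45k02wsSdrp}</div>', '</p><div class="codeblock">' . $val . '</div><p>', $str);
             } else {
                 $str = str_replace('{' . $key . 'yH45k02wsSdrp}', $val, $str);
             }
         }
         // Reset the cache so chunks from this call are not re-inserted on the next one.
         $this->code_chunks = array();
     }
     // -------------------------------------------
     // 'typography_parse_type_end' hook.
     //  - Modify string after all other typography processing
     //
     if ($this->EE->extensions->active_hook('typography_parse_type_end') === TRUE) {
         $str = $this->EE->extensions->call('typography_parse_type_end', $str, $this, $prefs);
     }
     //
     // -------------------------------------------
     return $str;
 }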
 /**
  * encode_php_tags() must turn the short open tag and the closing tag into entities.
  */
 function test_encode_php_tags()
 {
     $input = '<? echo $foo; ?>';
     $expected = '&lt;? echo $foo; ?&gt;';
     $this->assertEquals($expected, encode_php_tags($input));
 }
Exemple #7
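 /**
  * Typographic parser
  *
  * Applies the preferences, runs the parser-specific pre-processing, protects
  * and decodes BBCode, formats HTML and text, replaces emoticons and censored
  * words, handles e-mail encoding and restores code markers. PHP and EE tags
  * are encoded as the last step, after the end hook has run.
  *
  * Note: The processing order is very important in this function so don't change it!
  *
  * @param string $str   text to process
  * @param array  $prefs preferences handed to _set_preferences(), markdown() and the hooks
  * @return string|null processed text; nothing is returned when $str is empty
  */
 public function parse_type($str, $prefs = '')
 {
     if ($str == '') {
         return;
     }
     // -------------------------------------------
     // 'typography_parse_type_start' hook.
     //  - Modify string prior to all other typography processing
     //
     if (ee()->extensions->active_hook('typography_parse_type_start') === TRUE) {
         $str = ee()->extensions->call('typography_parse_type_start', $str, $this, $prefs);
     }
     //
     // -------------------------------------------
     // Set up preferences
     $this->_set_preferences($prefs);
     // Parser-specific pre_process
     // The method name is derived from text_format; method_exists() keeps the dynamic call
     // to methods this class actually defines.
     // NOTE(review): how _set_preferences() validates text_format is not visible here - confirm.
     if ($this->separate_parser && method_exists($this, $this->text_format . '_pre_process')) {
         $str = $this->{$this->text_format . '_pre_process'}($str);
     }
     // Handle single line paragraphs
     if ($this->single_line_pgfs != TRUE) {
         if ($this->text_format == 'xhtml' and strpos($str, "\r") === FALSE and strpos($str, "\n") === FALSE) {
             $this->text_format = 'lite';
         }
     }
     //  Fix emoticon bug
     $str = str_replace(array('>:-(', '>:('), array(':angry:', ':mad:'), $str);
     //  Highlight text within [code] tags
     // If highlighting is enabled, we'll highlight <pre> tags as well.
     if ($this->highlight_code == TRUE) {
         $str = str_replace(array('[pre]', '[/pre]'), array('[code]', '[/code]'), $str);
     }
     // We don't want BBCode parsed if it's within code examples so we'll
     // convert the brackets
     $str = $this->_protect_bbcode($str);
     //  Strip IMG tags if not allowed
     if ($this->allow_img_url == 'n') {
         $str = $this->strip_images($str);
     }
     //  Format HTML
     $str = $this->format_html($str);
     //  Auto-link URLs and email addresses
     if ($this->auto_links == 'y' && !$this->separate_parser) {
         $str = $this->auto_linker($str);
     }
     //  Parse file paths (in images)
     $str = $this->parse_file_paths($str);
     // Convert HTML links in CP to BBCode
     //
     // Forces HTML links output in the control panel to BBCode so they will
     // be formatted as redirects, to prevent the control panel address from
     // showing up in referrer logs except when sending emails, where we
     // don't want created links piped through the site
     if (REQ == 'CP' && $this->bbencode_links && strpos($str, 'href=') !== FALSE) {
         $str = preg_replace("#<a\\s+(.*?)href=(\"|')([^\\2]*?)\\2(.*?)\\>(.*?)</a>#si", "[url=\"\\3\"\\1\\4]\\5[/url]", $str);
     }
     //  Decode BBCode
     $str = $this->decode_bbcode($str);
     // Format text
     switch ($this->text_format) {
         case 'none':
             break;
         case 'xhtml':
             $str = $this->auto_typography($str);
             break;
         case 'markdown':
             $str = $this->markdown($str, $prefs);
             break;
         case 'lite':
             // Used with channel entry titles
             $str = $this->format_characters($str);
             break;
         case 'br':
             $str = $this->nl2br_except_pre($str);
             break;
         default:
             // Plugin of some sort
             $str = $this->parse_plugin($str);
             break;
     }
     //  Parse emoticons
     $str = $this->emoticon_replace($str);
     //  Parse censored words
     // The comparison belongs outside count(): the original counted the boolean result of
     // `$this->censored_words > 0`, which warns on PHP 7.2+ and throws a TypeError on PHP 8.
     if ($this->word_censor === TRUE && count($this->censored_words) > 0) {
         ee()->load->helper('text');
         $str = word_censor($str, $this->censored_words, $this->censored_replace);
     }
     // Decode {encode=...} only in the CP since the template parser handles
     // this for page requests
     if (REQ == 'CP' && strpos($str, '{encode=') !== FALSE) {
         ee()->load->library('template', NULL, 'TMPL');
         $str = ee()->TMPL->parse_encode_email($str);
     }
     // Standard email addresses
     $str = $this->decode_emails($str);
     // Insert the cached code tags
     $str = $this->_convert_code_markers($str);
     // -------------------------------------------
     // 'typography_parse_type_end' hook.
     //  - Modify string after all other typography processing
     //
     if (ee()->extensions->active_hook('typography_parse_type_end') === TRUE) {
         $str = ee()->extensions->call('typography_parse_type_end', $str, $this, $prefs);
     }
     //
     // -------------------------------------------
     // Encode PHP Tags
     // Runs after the end hook, so the encoding also covers whatever the formatter,
     // plugin or hook put into the string.
     ee()->load->helper('security');
     $str = encode_php_tags($str);
     // Encode EE Tags
     $str = ee()->functions->encode_ee_tags($str, $this->convert_curly);
     return $str;
 }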
Exemple #8
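 /**
  * Best-effort scrubbing of a user-supplied value.
  *
  * Removes NUL markers, applies xss_clean(), strip_image_tags() and
  * encode_php_tags() from the security helper, then deletes a fixed list of
  * keywords and characters (case-insensitive).
  *
  * NOTE(review): a keyword deny-list does not make a value safe to place in
  * SQL or HTML; bound query parameters and context-aware output encoding are
  * still needed where the result is used. The filter also changes ordinary
  * text that happens to contain one of the listed words.
  *
  * @param string $q value to clean
  * @return string cleaned value
  */
 public function security_clean($q)
 {
     $this->load->helper('security');
     // The first search string is empty as published, which makes the call a no-op.
     // Presumably a literal NUL byte was lost from the listing, so strip "\0" explicitly.
     $q = str_replace("\0", "", $q);
     // Also remove the two-character text form (backslash followed by zero).
     $q = str_replace('\\0', "", $q);
     $q = xss_clean($q);
     $q = strip_image_tags($q);
     $q = encode_php_tags($q);
     $patterns = array("/select/si", "/delete/si", "/update/si", "/insert/si", "/from/si", "/alert/si", "/\\[removed\\]/si", "/script/si", "/\\*/si");
     // Repeat until nothing changes: after one pass the text on either side of a
     // deleted match can join up into one of the listed words again.
     do {
         $before = $q;
         $q = preg_replace($patterns, "", $q);
     } while ($q !== null && $q !== $before);
     return $q;
 }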