$charset = $CONFIG['charset'] == 'language file' ? $GLOBALS['lang_charset'] : $CONFIG['charset']; $sort_array = array('na' => 'filename ASC , pid ASC', 'nd' => 'filename DESC , pid ASC', 'ta' => 'title ASC , pid ASC', 'td' => 'title DESC , pid ASC', 'da' => 'pid ASC', 'dd' => 'pid DESC', 'pa' => 'position ASC , pid ASC', 'pd' => 'position DESC , pid ASC'); $sort_code = isset($USER['sort']) ? $USER['sort'] : $CONFIG['default_sort_order']; $sort_order = isset($sort_array[$sort_code]) ? $sort_array[$sort_code] : $sort_array[$CONFIG['default_sort_order']]; $allowed = array('title', 'caption', 'keywords', 'filename', 'pic_raw_ip', 'pic_hdr_ip', 'user1', 'user2', 'user3', 'user4'); global $cpg_udb; // Use actual column name for search by owner name if ($cpg_udb->can_join_tables && $USER['search']['params']['owner_name']) { $USER['search']['params'][$cpg_udb->field['username']] = true; $allowed[] = $cpg_udb->field['username']; } $mb_charset = stristr($multibyte_charset, $charset); $search_string = str_replace('"', '"', $search_string); $search_string = str_replace('\'', '"', $search_string); $search_string = preg_replace('/&.*;/i', '', $search_string); $search_string = Inspekt::getEscaped($search_string); if (!$mb_charset) { $search_string = preg_replace('/[^0-9a-z %]/i', '', $search_string); } if (!isset($USER['search']['params'])) { $USER['search']['params']['title'] = $USER['search']['params']['caption'] = $USER['search']['params']['keywords'] = $USER['search']['params']['filename'] = 1; } //if (isset($_GET['album']) && $_GET['album'] == 'search') { // $_POST = $USER['search']; //} if ($superCage->get->keyExists('album') && $superCage->get->getAlpha('album') == 'search') { $search_params = $USER['search']; } else { //put all original $_POST vars in $search_params, don't know if this could be used??? $search_params = $superCage->post->_source; }
/** * Strip whitespaces from the beginning and end of each keyword * * @param string $keywords */ function cpg_trim_keywords(&$keywords) { global $CONFIG; $keywords_new = array(); $keywords = explode($CONFIG['keyword_separator'], trim(html_entity_decode($keywords))); foreach ($keywords as $word) { if (trim($word)) { $keywords_new[] = trim(Inspekt::getEscaped($word)); } } $keywords = implode($CONFIG['keyword_separator'], $keywords_new); }
$remove = $superCage->get->getEscaped('remove'); } elseif ($superCage->post->keyExists('remove')) { $remove = $superCage->post->getEscaped('remove'); } $query = "SELECT pid, keywords FROM {$CONFIG['TABLE_PICTURES']} WHERE CONCAT('{$keysep}', keywords, '{$keysep}') LIKE '%{$keysep}{$remove}{$keysep}%'"; $result = cpg_db_query($query); while (list($id, $keywords) = mysql_fetch_row($result)) { $array_new = array(); $array_old = explode($keysep, trim(html_entity_decode($keywords))); foreach ($array_old as $word) { // convert old to new if it's the same word if (utf_strtolower(Inspekt::getEscaped($word)) == utf_strtolower($remove)) { $word = ''; } // rebuild array to reprocess it $array_new[] = Inspekt::getEscaped(trim($word)); } $keywords = implode($keysep, $array_new); $newquerys[] = "UPDATE {$CONFIG['TABLE_PICTURES']} SET keywords = '{$keywords}' WHERE pid = {$id}"; } $newquerys[] = "UPDATE {$CONFIG['TABLE_PICTURES']} SET keywords = TRIM(REPLACE(keywords, '{$keysep}{$keysep}', '{$keysep}'))"; $newquerys[] = "UPDATE {$CONFIG['TABLE_PICTURES']} SET keywords = '' WHERE keywords = '{$keysep}'"; foreach ($newquerys as $query) { $result = cpg_db_query($query); } header("Location: keywordmgr.php?page=display"); break; } endtable(); echo "<input type=\"hidden\" name=\"form_token\" value=\"{$form_token}\" />\n<input type=\"hidden\" name=\"timestamp\" value=\"{$timestamp}\" /></form>"; if ($CONFIG['clickable_keyword_search'] != 0) {
/** * Returns the value escaped with mysql_real_escape_string. * * @param mixed $value * @return string * * @tag filter */ function getEscaped($key) { if (!$this->keyExists($key)) { return false; } return Inspekt::getEscaped($this->_getValue($key)); }