$charset = $CONFIG['charset'] == 'language file' ? $GLOBALS['lang_charset'] : $CONFIG['charset'];
$sort_array = array('na' => 'filename ASC , pid ASC', 'nd' => 'filename DESC , pid ASC', 'ta' => 'title ASC , pid ASC', 'td' => 'title DESC , pid ASC', 'da' => 'pid ASC', 'dd' => 'pid DESC', 'pa' => 'position ASC , pid ASC', 'pd' => 'position DESC , pid ASC');
$sort_code = isset($USER['sort']) ? $USER['sort'] : $CONFIG['default_sort_order'];
$sort_order = isset($sort_array[$sort_code]) ? $sort_array[$sort_code] : $sort_array[$CONFIG['default_sort_order']];
$allowed = array('title', 'caption', 'keywords', 'filename', 'pic_raw_ip', 'pic_hdr_ip', 'user1', 'user2', 'user3', 'user4');
global $cpg_udb;
// Use actual column name for search by owner name
if ($cpg_udb->can_join_tables && $USER['search']['params']['owner_name']) {
    $USER['search']['params'][$cpg_udb->field['username']] = true;
    $allowed[] = $cpg_udb->field['username'];
}
$mb_charset = stristr($multibyte_charset, $charset);
$search_string = str_replace('"', '"', $search_string);
$search_string = str_replace('\'', '"', $search_string);
$search_string = preg_replace('/&.*;/i', '', $search_string);
$search_string = Inspekt::getEscaped($search_string);
if (!$mb_charset) {
    $search_string = preg_replace('/[^0-9a-z %]/i', '', $search_string);
}
if (!isset($USER['search']['params'])) {
    $USER['search']['params']['title'] = $USER['search']['params']['caption'] = $USER['search']['params']['keywords'] = $USER['search']['params']['filename'] = 1;
}
//if (isset($_GET['album']) && $_GET['album'] == 'search') {
//  $_POST = $USER['search'];
//}
if ($superCage->get->keyExists('album') && $superCage->get->getAlpha('album') == 'search') {
    $search_params = $USER['search'];
} else {
    //put all original $_POST vars in $search_params, don't know if this could be used???
    $search_params = $superCage->post->_source;
}
/**
 * Strip whitespaces from the beginning and end of each keyword
 *
 * @param string $keywords
 */
function cpg_trim_keywords(&$keywords)
{
    global $CONFIG;
    $keywords_new = array();
    $keywords = explode($CONFIG['keyword_separator'], trim(html_entity_decode($keywords)));
    foreach ($keywords as $word) {
        if (trim($word)) {
            $keywords_new[] = trim(Inspekt::getEscaped($word));
        }
    }
    $keywords = implode($CONFIG['keyword_separator'], $keywords_new);
}
Exemplo n.º 3
0
            $remove = $superCage->get->getEscaped('remove');
        } elseif ($superCage->post->keyExists('remove')) {
            $remove = $superCage->post->getEscaped('remove');
        }
        $query = "SELECT pid, keywords FROM {$CONFIG['TABLE_PICTURES']} WHERE CONCAT('{$keysep}', keywords, '{$keysep}') LIKE '%{$keysep}{$remove}{$keysep}%'";
        $result = cpg_db_query($query);
        while (list($id, $keywords) = mysql_fetch_row($result)) {
            $array_new = array();
            $array_old = explode($keysep, trim(html_entity_decode($keywords)));
            foreach ($array_old as $word) {
                // convert old to new if it's the same word
                if (utf_strtolower(Inspekt::getEscaped($word)) == utf_strtolower($remove)) {
                    $word = '';
                }
                // rebuild array to reprocess it
                $array_new[] = Inspekt::getEscaped(trim($word));
            }
            $keywords = implode($keysep, $array_new);
            $newquerys[] = "UPDATE {$CONFIG['TABLE_PICTURES']} SET keywords = '{$keywords}' WHERE pid = {$id}";
        }
        $newquerys[] = "UPDATE {$CONFIG['TABLE_PICTURES']} SET keywords = TRIM(REPLACE(keywords, '{$keysep}{$keysep}', '{$keysep}'))";
        $newquerys[] = "UPDATE {$CONFIG['TABLE_PICTURES']} SET keywords = '' WHERE keywords = '{$keysep}'";
        foreach ($newquerys as $query) {
            $result = cpg_db_query($query);
        }
        header("Location: keywordmgr.php?page=display");
        break;
}
endtable();
echo "<input type=\"hidden\" name=\"form_token\" value=\"{$form_token}\" />\n<input type=\"hidden\" name=\"timestamp\" value=\"{$timestamp}\" /></form>";
if ($CONFIG['clickable_keyword_search'] != 0) {
Exemplo n.º 4
0
 /**
  * Returns the value escaped with mysql_real_escape_string.
  *
  * @param mixed $value
  * @return string
  *
  * @tag filter
  */
 function getEscaped($key)
 {
     if (!$this->keyExists($key)) {
         return false;
     }
     return Inspekt::getEscaped($this->_getValue($key));
 }