From f47d451a4855883d10442cdcf08a3c611170682b Mon Sep 17 00:00:00 2001 From: Retro_Guy Date: Thu, 11 Mar 2021 23:11:35 -0700 Subject: [PATCH] Protect sqlite barewords from quoting in search --- Rocksolid_Light/rocksolid/search.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Rocksolid_Light/rocksolid/search.php b/Rocksolid_Light/rocksolid/search.php index 0127e41..90774b7 100644 --- a/Rocksolid_Light/rocksolid/search.php +++ b/Rocksolid_Light/rocksolid/search.php @@ -252,6 +252,10 @@ function get_body_search($group, $terms) { GLOBAL $CONFIG, $config_name, $spooldir; $terms = preg_replace('/"/', '', $terms); $terms = preg_replace('/\ /', '" "', $terms); + $terms = preg_replace('/"NEAR"/', 'NEAR', $terms); + $terms = preg_replace('/"AND"/', 'AND', $terms); + $terms = preg_replace('/"OR"/', 'OR', $terms); + $terms = preg_replace('/"NOT"/', 'NOT', $terms); $terms = '"'.$terms.'"'; $local_groupfile=$spooldir."/".$config_name."/local_groups.txt"; $grouplist = file($local_groupfile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);