MDL-15942 - separate data escaped for database entry from unescaped data
[moodle-linuxchix.git] / search / query.php
blob51058edb2af7dcb693eac232b1b808b78bc7254a
1 <?php
2 /**
3 * Global Search Engine for Moodle
5 * @package search
6 * @category core
7 * @subpackage search_engine
8 * @author Michael Champanis (mchampan) [cynnical@gmail.com], Valery Fremaux [valery.fremaux@club-internet.fr] > 1.8
9 * @date 2008/03/31
10 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
12 * The query page - accepts a user-entered query string and returns results.
14 * Queries are boolean-aware, e.g.:
16 * '+' term required
17 * '-' term must not be present
18 * '' (no modifier) term's presence increases rank, but isn't required
19 * 'field:' search this field
21 * Examples:
23 * 'earthquake +author:michael'
24 * Searches for documents written by 'michael' that contain 'earthquake'
26 * 'earthquake +doctype:wiki'
27 * Search all wiki pages for 'earthquake'
29 * '+author:helen +author:foster'
30 * All articles written by Helen Foster
34 /**
35 * includes and requires
37 require_once('../config.php');
38 require_once("$CFG->dirroot/search/lib.php");
41 if ($CFG->forcelogin) {
42 require_login();
45 if (empty($CFG->enableglobalsearch)) {
46 error(get_string('globalsearchdisabled', 'search'));
49 $adv = new Object();
51 /// check for php5, but don't die yet (see line 52)
53 if ($check = search_check_php5()) {
54 require_once("{$CFG->dirroot}/search/querylib.php");
56 $page_number = optional_param('page', -1, PARAM_INT);
57 $pages = ($page_number == -1) ? false : true;
58 $advanced = (optional_param('a', '0', PARAM_INT) == '1') ? true : false;
59 $query_string = optional_param('query_string', '', PARAM_CLEAN);
61 if ($pages && isset($_SESSION['search_advanced_query'])) {
62 // if both are set, then we are busy browsing through the result pages of an advanced query
63 $adv = unserialize($_SESSION['search_advanced_query']);
65 else if ($advanced) {
66 // otherwise we are dealing with a new advanced query
67 unset($_SESSION['search_advanced_query']);
68 session_unregister('search_advanced_query');
70 // chars to strip from strings (whitespace)
71 $chars = " \t\n\r\0\x0B,-+";
73 // retrieve advanced query variables
74 $adv->mustappear = trim(optional_param('mustappear', '', PARAM_CLEAN), $chars);
75 $adv->notappear = trim(optional_param('notappear', '', PARAM_CLEAN), $chars);
76 $adv->canappear = trim(optional_param('canappear', '', PARAM_CLEAN), $chars);
77 $adv->module = optional_param('module', '', PARAM_CLEAN);
78 $adv->title = trim(optional_param('title', '', PARAM_CLEAN), $chars);
79 $adv->author = trim(optional_param('author', '', PARAM_CLEAN), $chars);
82 if ($advanced) {
83 //parse the advanced variables into a query string
84 //TODO: move out to external query class (QueryParse?)
86 $query_string = '';
88 // get all available module types
89 $module_types = array_merge(array('all'), array_values(search_get_document_types()));
90 $adv->module = in_array($adv->module, $module_types) ? $adv->module : 'all';
92 // convert '1 2' into '+1 +2' for required words field
93 if (strlen(trim($adv->mustappear)) > 0) {
94 $query_string = ' +'.implode(' +', preg_split("/[\s,;]+/", $adv->mustappear));
97 // convert '1 2' into '-1 -2' for not wanted words field
98 if (strlen(trim($adv->notappear)) > 0) {
99 $query_string .= ' -'.implode(' -', preg_split("/[\s,;]+/", $adv->notappear));
102 // this field is left untouched, apart from whitespace being stripped
103 if (strlen(trim($adv->canappear)) > 0) {
104 $query_string .= ' '.implode(' ', preg_split("/[\s,;]+/", $adv->canappear));
107 // add module restriction
108 $doctypestr = get_string('doctype', 'search');
109 $titlestr = get_string('title', 'search');
110 $authorstr = get_string('author', 'search');
111 if ($adv->module != 'all') {
112 $query_string .= " +{$doctypestr}:".$adv->module;
115 // create title search string
116 if (strlen(trim($adv->title)) > 0) {
117 $query_string .= " +{$titlestr}:".implode(" +{$titlestr}:", preg_split("/[\s,;]+/", $adv->title));
120 // create author search string
121 if (strlen(trim($adv->author)) > 0) {
122 $query_string .= " +{$authorstr}:".implode(" +{$authorstr}:", preg_split("/[\s,;]+/", $adv->author));
125 // save our options if the query is valid
126 if (!empty($query_string)) {
127 $_SESSION['search_advanced_query'] = serialize($adv);
131 // normalise page number
132 if ($page_number < 1) {
133 $page_number = 1;
136 //run the query against the index
137 $sq = new SearchQuery($query_string, $page_number, 10, false);
140 if (!$site = get_site()) {
141 redirect("index.php");
144 $strsearch = get_string('search', 'search');
145 $strquery = get_string('enteryoursearchquery', 'search');
147 // if ($CFG->version < 2007032200){ NOT RELIABLE
148 if (!function_exists('build_navigation')){
149 print_header("$site->shortname: $strsearch: $strquery", "$site->fullname",
150 "<a href=\"index.php\">$strsearch</a> -> $strquery");
151 } else {
152 $navlinks[] = array('name' => $strsearch, 'link' => "index.php", 'type' => 'misc');
153 $navlinks[] = array('name' => $strquery, 'link' => null, 'type' => 'misc');
154 $navigation = build_navigation($navlinks);
155 $site = get_site();
156 print_header("$strsearch", "$site->fullname" , $navigation, "", "", true, "&nbsp;", navmenu($site));
159 //keep things pretty, even if php5 isn't available
160 if (!$check) {
161 print_heading(search_check_php5(true));
162 print_footer();
163 exit(0);
166 print_box_start();
167 print_heading($strquery);
169 print_box_start();
171 $vars = get_object_vars($adv);
173 if (isset($vars)) {
174 foreach ($vars as $key => $value) {
175 // htmlentities breaks non-ascii chars
176 $adv->key = stripslashes($value);
177 //$adv->$key = stripslashes(htmlentities($value));
182 <form id="query" method="get" action="query.php">
183 <?php
184 if (!$advanced) {
186 <input type="text" name="query_string" length="50" value="<?php print stripslashes($query_string) ?>" />
187 &nbsp;<input type="submit" value="<?php print_string('search', 'search') ?>" /> &nbsp;
188 <a href="query.php?a=1"><?php print_string('advancedsearch', 'search') ?></a> |
189 <a href="stats.php"><?php print_string('statistics', 'search') ?></a>
190 <?php
192 else {
193 print_box_start();
195 <input type="hidden" name="a" value="<?php print $advanced; ?>"/>
197 <table border="0" cellpadding="3" cellspacing="3">
199 <tr>
200 <td width="240"><?php print_string('thesewordsmustappear', 'search') ?>:</td>
201 <td><input type="text" name="mustappear" length="50" value="<?php print $adv->mustappear; ?>" /></td>
202 </tr>
204 <tr>
205 <td><?php print_string('thesewordsmustnotappear', 'search') ?>:</td>
206 <td><input type="text" name="notappear" length="50" value="<?php print $adv->notappear; ?>" /></td>
207 </tr>
209 <tr>
210 <td><?php print_string('thesewordshelpimproverank', 'search') ?>:</td>
211 <td><input type="text" name="canappear" length="50" value="<?php print $adv->canappear; ?>" /></td>
212 </tr>
214 <tr>
215 <td><?php print_string('whichmodulestosearch?', 'search') ?>:</td>
216 <td>
217 <select name="module">
218 <?php
219 foreach($module_types as $mod) {
220 if ($mod == $adv->module) {
221 if ($mod != 'all'){
222 print "<option value='$mod' selected=\"selected\">".get_string('modulenameplural', $mod)."</option>\n";
224 else{
225 print "<option value='$mod' selected=\"selected\">".get_string('all', 'search')."</option>\n";
228 else {
229 if ($mod != 'all'){
230 print "<option value='$mod'>".get_string('modulenameplural', $mod)."</option>\n";
232 else{
233 print "<option value='$mod'>".get_string('all', 'search')."</option>\n";
238 </select>
239 </td>
240 </tr>
242 <tr>
243 <td><?php print_string('wordsintitle', 'search') ?>:</td>
244 <td><input type="text" name="title" length="50" value="<?php print $adv->title; ?>" /></td>
245 </tr>
247 <tr>
248 <td><?php print_string('authorname', 'search') ?>:</td>
249 <td><input type="text" name="author" length="50" value="<?php print $adv->author; ?>" /></td>
250 </tr>
252 <tr>
253 <td colspan="3" align="center"><br /><input type="submit" value="<?php print_string('search', 'search') ?>" /></td>
254 </tr>
256 <tr>
257 <td colspan="3" align="center">
258 <table border="0" cellpadding="0" cellspacing="0">
259 <tr>
260 <td><a href="query.php"><?php print_string('normalsearch', 'search') ?></a> |</td>
261 <td>&nbsp;<a href="stats.php"><?php print_string('statistics', 'search') ?></a></td>
262 </tr>
263 </table>
264 </td>
265 </tr>
266 </table>
267 <?php
268 print_box_end();
271 </form>
272 <br/>
274 <div align="center">
275 <?php
276 print_string('searching', 'search') . ': ';
278 if ($sq->is_valid_index()) {
279 //use cached variable to show up-to-date index size (takes deletions into account)
280 print $CFG->search_index_size;
282 else {
283 print "0";
286 print ' ';
287 print_string('documents', 'search');
288 print '.';
290 if (!$sq->is_valid_index() and isadmin()) {
291 print '<p>' . get_string('noindexmessage', 'search') . '<a href="indexersplash.php">' . get_string('createanindex', 'search')."</a></p>\n";
295 </div>
296 <?php
297 print_box_end();
299 // prints all the results in a box
300 if ($sq->is_valid()) {
301 print_box_start();
303 search_stopwatch();
304 $hit_count = $sq->count();
306 print "<br />";
308 print $hit_count.' '.get_string('resultsreturnedfor', 'search') . " '".stripslashes($query_string)."'.";
309 print "<br />";
311 if ($hit_count > 0) {
312 $page_links = $sq->page_numbers();
313 $hits = $sq->results();
315 if ($advanced) {
316 // if in advanced mode, search options are saved in the session, so
317 // we can remove the query string var from the page links, and replace
318 // it with a=1 (Advanced = on) instead
319 $page_links = preg_replace("/query_string=[^&]+/", 'a=1', $page_links);
322 print "<ol>";
324 $typestr = get_string('type', 'search');
325 $scorestr = get_string('score', 'search');
326 $authorstr = get_string('author', 'search');
327 foreach ($hits as $listing) {
328 //if ($CFG->unicodedb) {
329 //$listing->title = mb_convert_encoding($listing->title, 'auto', 'UTF8');
331 $title_post_processing_function = $listing->doctype.'_link_post_processing';
332 require_once "{$CFG->dirroot}/search/documents/{$listing->doctype}_document.php";
333 if (function_exists($title_post_processing_function)) {
334 $listing->title = $title_post_processing_function($listing->title);
337 print "<li value='".($listing->number+1)."'><a href='".str_replace('DEFAULT_POPUP_SETTINGS', DEFAULT_POPUP_SETTINGS ,$listing->url)."'>$listing->title</a><br />\n"
338 ."<em>".search_shorten_url($listing->url, 70)."</em><br />\n"
339 ."{$typestr}: ".$listing->doctype.", {$scorestr}: ".round($listing->score, 3);
340 if (!empty($listing->author)){
341 print ", {$authorstr}: ".$listing->author."\n"
342 ."</li>\n";
345 print "</ol>";
346 print $page_links;
348 print_box_end();
350 <div align="center">
351 <?php
352 print_string('ittook', 'search');
353 search_stopwatch();
354 print_string('tofetchtheseresults', 'search');
356 </div>
358 <?php
360 print_box_end();
361 print_footer();