(Apologies for the $this->lang['xxx'] placeholders — please replace them with the original strings...)
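<?php
// textsearch action: shows a search form and, once a phrase has been
// submitted, the full-text search results with a highlighted excerpt for
// each matching page.
//
// Input : $_REQUEST['phrase'] (untrusted user data).
// Output: HTML echoed to the client, filtered by $this->ReturnSafeHtml()
//         like every other Wikka action.
$etc = "<span class='textsearch_etc'>...</span>";

// Submitted phrase, or '' when absent or not a plain string (phrase[]=...).
// stripslashes() is kept from the original code and assumes request data
// arrives with magic_quotes_gpc-style escaping; drop it if that is not the case.
$phrase = '';
if (isset($_REQUEST['phrase']) && is_string($_REQUEST['phrase']))
{
    $phrase = stripslashes($_REQUEST['phrase']);
}

$output = $this->FormOpen("", "", "get");
$output .= '
<table border="0" cellspacing="0" cellpadding="0">
<tr><td>'.$this->lang['search_for'].': </td>
<td><input name="phrase" size="40" value="'.$this->htmlspecialchars_ent($phrase).'" /> <input type="submit" value="'.$this->lang['search'].'"/></td></tr>
</table>';
$output .= $this->FormClose();

if ($phrase !== '')
{
    $output .= "<br />";
    $results = $this->FullTextSearch($phrase);
    $count = count($results);

    // The phrase is echoed back into the page, so escape it here rather than
    // relying on the final ReturnSafeHtml() pass alone.
    $safePhrase = $this->htmlspecialchars_ent($phrase);
    switch ($count)
    {
        case 0:  $output .= sprintf($this->lang['zero_result_for'], $safePhrase); break;
        case 1:  $output .= sprintf($this->lang['one_result_for'], $safePhrase); break;
        default: $output .= sprintf($this->lang['n_results_for'], $safePhrase, $count); break;
    }

    if ($results)
    {
        // Turn the phrase into a regex alternation of its terms:
        //   - quotes are dropped,
        //   - "-term" exclusions are removed and a leading "+" is ignored,
        //   - every term is quoted with preg_quote() so user input cannot
        //     change the meaning of the pattern (the hand-written escape list
        //     it replaces missed ")", "{", "}", "?", "+" and "\"),
        //   - "*" stays a wildcard (any run of non-whitespace).
        $terms = preg_replace('/-\S*|\s\+/', ' ', ' '.str_replace('"', '', $phrase).' ');
        $alternatives = array();
        foreach (preg_split('/ +/', trim($terms), -1, PREG_SPLIT_NO_EMPTY) as $term)
        {
            if ($term === '*')
            {
                continue;
            }
            // preg_quote() escapes '*' as well; restore it as a wildcard.
            $alternatives[] = str_replace('\*', '\S*', preg_quote($term, '/'));
        }
        $pattern = implode('|', $alternatives);

        $output .= "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\">";
        foreach ($results as $i => $page)
        {
            // Excerpt: up to 120 characters of context on each side of every hit.
            // Nothing is shown when the phrase contained no usable term or the
            // body has no hit.
            $matchText = '';
            if ($pattern !== '' && preg_match_all("/(.{0,120})($pattern)(.{0,120})/is", $page['body'], $matchString))
            {
                // Escape each snippet *before* joining them, otherwise the
                // separator markup would be escaped along with the text.
                $snippets = array();
                foreach ($matchString[0] as $snippet)
                {
                    $snippets[] = $this->htmlspecialchars_ent($snippet);
                }
                $text = implode("$etc<br />$etc", $snippets);
                $highlightMatch = preg_replace("/($pattern)/i", "<span class='textsearch_keywords'>$1</span>", $text);
                $matchText = "$etc$highlightMatch$etc";
            }
            $output .= "<tr>
<td valign=\"top\" align=\"right\">
<table>
<tr>
<td valign=\"top\" align=\"left\" bgcolor=\"#DDDDDD\">
<font color=\"white\" size=\"-3\">
".($i+1)."
</font>
</td>
</tr>
</table>
</td>
<!-- link -->
<td valign=\"top\">
".$this->Link($page["tag"])."
</td>
<!-- date of last update -->
<td valign=\"top\" align=\"right\">
<font color=\"gray\" size=\"-3\">
".$this->htmlspecialchars_ent($page['time'])."
</font>
</td>
</tr>
<tr>
<td>
</td>
<td colspan=\"2\">
$matchText
</td>
</tr>
<tr>
<td>
</td>
</tr>
";
        }
        $output .= "</table>";
    }
}
$output = $this->ReturnSafeHtml($output);
echo $output;
?>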
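// textsearch action: shows a search form and, once a phrase has been
// submitted, the full-text search results with a highlighted excerpt for
// each matching page.
//
// Input : $_REQUEST['phrase'] (untrusted user data).
// Output: HTML echoed to the client, filtered by $this->ReturnSafeHtml()
//         like every other Wikka action.
$etc = "<span class='textsearch_etc'>...</span>";

// Submitted phrase, or '' when absent or not a plain string (phrase[]=...).
// stripslashes() is kept from the original code and assumes request data
// arrives with magic_quotes_gpc-style escaping; drop it if that is not the case.
$phrase = '';
if (isset($_REQUEST['phrase']) && is_string($_REQUEST['phrase']))
{
    $phrase = stripslashes($_REQUEST['phrase']);
}

$output = $this->FormOpen("", "", "get");
$output .= '
<table border="0" cellspacing="0" cellpadding="0">
<tr><td>'.$this->lang['search_for'].': </td>
<td><input name="phrase" size="40" value="'.$this->htmlspecialchars_ent($phrase).'" /> <input type="submit" value="'.$this->lang['search'].'"/></td></tr>
</table>';
$output .= $this->FormClose();

if ($phrase !== '')
{
    $output .= "<br />";
    $results = $this->FullTextSearch($phrase);
    $count = count($results);

    // The phrase is echoed back into the page, so escape it here rather than
    // relying on the final ReturnSafeHtml() pass alone.
    $safePhrase = $this->htmlspecialchars_ent($phrase);
    switch ($count)
    {
        case 0:  $output .= sprintf($this->lang['zero_result_for'], $safePhrase); break;
        case 1:  $output .= sprintf($this->lang['one_result_for'], $safePhrase); break;
        default: $output .= sprintf($this->lang['n_results_for'], $safePhrase, $count); break;
    }

    if ($results)
    {
        // Turn the phrase into a regex alternation of its terms:
        //   - quotes are dropped,
        //   - "-term" exclusions are removed and a leading "+" is ignored,
        //   - every term is quoted with preg_quote() so user input cannot
        //     change the meaning of the pattern (the hand-written escape list
        //     it replaces missed ")", "{", "}", "?", "+" and "\"),
        //   - "*" stays a wildcard (any run of non-whitespace).
        $terms = preg_replace('/-\S*|\s\+/', ' ', ' '.str_replace('"', '', $phrase).' ');
        $alternatives = array();
        foreach (preg_split('/ +/', trim($terms), -1, PREG_SPLIT_NO_EMPTY) as $term)
        {
            if ($term === '*')
            {
                continue;
            }
            // preg_quote() escapes '*' as well; restore it as a wildcard.
            $alternatives[] = str_replace('\*', '\S*', preg_quote($term, '/'));
        }
        $pattern = implode('|', $alternatives);

        $output .= "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\">";
        foreach ($results as $i => $page)
        {
            // Excerpt: up to 120 characters of context on each side of every hit.
            // Nothing is shown when the phrase contained no usable term or the
            // body has no hit.
            $matchText = '';
            if ($pattern !== '' && preg_match_all("/(.{0,120})($pattern)(.{0,120})/is", $page['body'], $matchString))
            {
                // Escape each snippet *before* joining them, otherwise the
                // separator markup would be escaped along with the text.
                $snippets = array();
                foreach ($matchString[0] as $snippet)
                {
                    $snippets[] = $this->htmlspecialchars_ent($snippet);
                }
                $text = implode("$etc<br />$etc", $snippets);
                $highlightMatch = preg_replace("/($pattern)/i", "<span class='textsearch_keywords'>$1</span>", $text);
                $matchText = "$etc$highlightMatch$etc";
            }
            $output .= "<tr>
<td valign=\"top\" align=\"right\">
<table>
<tr>
<td valign=\"top\" align=\"left\" bgcolor=\"#DDDDDD\">
<font color=\"white\" size=\"-3\">
".($i+1)."
</font>
</td>
</tr>
</table>
</td>
<!-- link -->
<td valign=\"top\">
".$this->Link($page["tag"])."
</td>
<!-- date of last update -->
<td valign=\"top\" align=\"right\">
<font color=\"gray\" size=\"-3\">
".$this->htmlspecialchars_ent($page['time'])."
</font>
</td>
</tr>
<tr>
<td>
</td>
<td colspan=\"2\">
$matchText
</td>
</tr>
<tr>
<td>
</td>
</tr>
";
        }
        $output .= "</table>";
    }
}
$output = $this->ReturnSafeHtml($output);
echo $output;
?>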
Every action in Wikka should follow this pattern:
$output = "....";
...
$output .= ".....";
...
print($this->ReturnSafeHtml($output));
...
$output .= ".....";
...
print($this->ReturnSafeHtml($output));
This is to prevent JavaScript injection, but that is a separate problem.
- Actually, SafeHTML is needed only for those "parts" of an action where user input directly results in HTML output (such as an action parameter used as a tag attribute). When the HTML is generated entirely by the action itself, it isn't needed (Wikka should take care by itself that generated code is "safe"). --JavaWoman
--DotMG
As part of the SemanticMarkup drive, why not replace all that tag-soup table with:
$highlightMatch = preg_replace("/($phrase)/i","<em><em>$1</em></em>",$text,-1);
$matchText = "…".$highlightMatch."…";
$output .= "\n<p>".($i+1)." ".$this->Link($page["tag"])." — ".$page[time]."</p>";
$output .= "\n<blockquote>".$matchText."</blockquote>\n";
$matchText = "…".$highlightMatch."…";
$output .= "\n<p>".($i+1)." ".$this->Link($page["tag"])." — ".$page[time]."</p>";
$output .= "\n<blockquote>".$matchText."</blockquote>\n";
This removes all the unnecessary tables and presentational spans. Use CSS to present the double emphasis exactly how you want; that is what CSS is there for. --IanAndolina