aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/input.php45
1 files changed, 19 insertions, 26 deletions
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 8ba3ac180..127113205 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -229,7 +229,7 @@ function elgg_clear_sticky_value($form_name, $variable) {
* /livesearch?q=<query>
*
* Other options include:
- * match_on string all|array(groups|users|friends|subtype)
+ * match_on string all or array(groups|users|friends)
* match_owner int 0/1
* limit int default is 10
*
@@ -237,6 +237,7 @@ function elgg_clear_sticky_value($form_name, $variable) {
*/
function input_livesearch_page_handler($page) {
global $CONFIG;
+
// only return results to logged in users.
if (!$user = elgg_get_logged_in_user_entity()) {
exit;
@@ -252,14 +253,16 @@ function input_livesearch_page_handler($page) {
$q = str_replace(array('_', '%'), array('\_', '\%'), $q);
$match_on = get_input('match_on', 'all');
- if ($match_on == 'all' || $match_on[0] == 'all') {
- $match_on = array('users', 'groups');
- }
if (!is_array($match_on)) {
$match_on = array($match_on);
}
+ // all = users and groups
+ if (in_array('all', $match_on)) {
+ $match_on = array('users', 'groups');
+ }
+
if (get_input('match_owner', false)) {
$owner_guid = $user->getGUID();
$owner_where = 'AND e.owner_guid = ' . $user->getGUID();
@@ -268,21 +271,12 @@ function input_livesearch_page_handler($page) {
$owner_where = '';
}
- $limit = get_input('limit', 10);
+ $limit = sanitise_int(get_input('limit', 10));
// grab a list of entities and send them in json.
$results = array();
- foreach ($match_on as $type) {
- switch ($type) {
- case 'all':
- // only need to pull up title from objects.
-
- $options = array('owner_guid' => $owner_guid, 'limit' => $limit);
- if (!$entities = elgg_get_entities($options) AND is_array($entities)) {
- $results = array_merge($results, $entities);
- }
- break;
-
+ foreach ($match_on as $match_type) {
+ switch ($match_type) {
case 'users':
$query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entities as e
WHERE e.guid = ue.guid
@@ -298,7 +292,7 @@ function input_livesearch_page_handler($page) {
'type' => 'user',
'name' => $entity->name,
'desc' => $entity->username,
- 'icon' => '<img class="livesearch_icon" src="' .
+ 'icon' => '<img class="elgg-livesearch-icon" src="' .
get_entity($entity->guid)->getIconURL('tiny') . '" />',
'guid' => $entity->guid
);
@@ -325,8 +319,8 @@ function input_livesearch_page_handler($page) {
'type' => 'group',
'name' => $entity->name,
'desc' => strip_tags($entity->description),
- 'icon' => '<img class="livesearch_icon" src="'
- . get_entity($entity->guid)->getIcon('tiny') . '" />',
+ 'icon' => '<img class="elgg-livesearch-icon" src="'
+ . get_entity($entity->guid)->getIconURL('tiny') . '" />',
'guid' => $entity->guid
);
@@ -336,7 +330,6 @@ function input_livesearch_page_handler($page) {
break;
case 'friends':
- $access = get_access_sql_suffix();
$query = "SELECT * FROM
{$CONFIG->dbprefix}users_entity as ue,
{$CONFIG->dbprefix}entity_relationships as er,
@@ -357,8 +350,8 @@ function input_livesearch_page_handler($page) {
'type' => 'user',
'name' => $entity->name,
'desc' => $entity->username,
- 'icon' => '<img class="livesearch_icon" src="'
- . get_entity($entity->guid)->getIcon('tiny') . '" />',
+ 'icon' => '<img class="elgg-livesearch-icon" src="'
+ . get_entity($entity->guid)->getIconURL('tiny') . '" />',
'guid' => $entity->guid
);
$results[$entity->name . rand(1, 100)] = $result;
@@ -367,15 +360,15 @@ function input_livesearch_page_handler($page) {
break;
default:
- // arbitrary subtype.
- //@todo you cannot specify a subtype without a type.
- // did this ever work?
- elgg_get_entities(array('subtype' => $type, 'owner_guid' => $owner_guid));
+ header("HTTP/1.0 400 Bad Request", true);
+ echo "livesearch: unknown match_on of $match_type";
+ exit;
break;
}
}
ksort($results);
+ header("Content-Type: application/json");
echo json_encode(array_values($results));
exit;
}