diff options
Diffstat (limited to 'mod/html5/views/default/search/search_box.php')
-rw-r--r-- | mod/html5/views/default/search/search_box.php | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/mod/html5/views/default/search/search_box.php b/mod/html5/views/default/search/search_box.php new file mode 100644 index 000000000..2abc47ca3 --- /dev/null +++ b/mod/html5/views/default/search/search_box.php @@ -0,0 +1,43 @@ +<?php +/** + * Search box + * + * @uses $vars['value'] Current search query + * @uses $vars['class'] Additional class + * + * @override mod/search/views/default/search/search_box.php + */ + +if (array_key_exists('value', $vars)) { + $value = $vars['value']; +} elseif ($value = get_input('q', get_input('tag', NULL))) { + $value = $value; +} + +$class = "elgg-search"; +if (isset($vars['class'])) { + $class = "$class {$vars['class']}"; +} + +// @todo - why the strip slashes? +$value = stripslashes($value); + +// @todo - create function for sanitization of strings for display in 1.8 +// encode <,>,&, quotes and characters above 127 +if (function_exists('mb_convert_encoding')) { + $display_query = mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8'); +} else { + // if no mbstring extension, we just strip characters + $display_query = preg_replace("/[^\x01-\x7F]/", "", $value); +} +$display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); + +?> + +<form class="<?php echo $class; ?>" action="<?php echo elgg_get_site_url(); ?>search" method="get"> + <fieldset> + <input type="search" class="search-input" size="21" name="q" value="<?php echo $display_query; ?>" placeholder="<?php echo elgg_echo('search'); ?>" /> + <input type="hidden" name="search_type" value="all" /> + <input type="submit" value="<?php echo elgg_echo('search:go'); ?>" class="search-submit-button" /> + </fieldset> +</form> |