From 41256f644b02bf4dcb2bc3798bdf470fa93515da Mon Sep 17 00:00:00 2001 From: cash Date: Thu, 6 Oct 2011 21:04:57 -0400 Subject: Fixes #3932 Refs #3931 improved the livesearch endpoint --- engine/lib/input.php | 45 +++++++++++++++++++-------------------------- 1 file changed, 19 insertions(+), 26 deletions(-) (limited to 'engine/lib/input.php') diff --git a/engine/lib/input.php b/engine/lib/input.php index 8ba3ac180..127113205 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -229,7 +229,7 @@ function elgg_clear_sticky_value($form_name, $variable) { * /livesearch?q= * * Other options include: - * match_on string all|array(groups|users|friends|subtype) + * match_on string all or array(groups|users|friends) * match_owner int 0/1 * limit int default is 10 * @@ -237,6 +237,7 @@ function elgg_clear_sticky_value($form_name, $variable) { */ function input_livesearch_page_handler($page) { global $CONFIG; + // only return results to logged in users. if (!$user = elgg_get_logged_in_user_entity()) { exit; @@ -252,14 +253,16 @@ function input_livesearch_page_handler($page) { $q = str_replace(array('_', '%'), array('\_', '\%'), $q); $match_on = get_input('match_on', 'all'); - if ($match_on == 'all' || $match_on[0] == 'all') { - $match_on = array('users', 'groups'); - } if (!is_array($match_on)) { $match_on = array($match_on); } + // all = users and groups + if (in_array('all', $match_on)) { + $match_on = array('users', 'groups'); + } + if (get_input('match_owner', false)) { $owner_guid = $user->getGUID(); $owner_where = 'AND e.owner_guid = ' . $user->getGUID(); 
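Review bot: `in_array('all', $match_on)` in the match_on normalisation compares loosely, so on PHP versions before 8 a non-string element such as integer 0 or boolean true would also be treated as 'all'. Request input normally arrives as strings, so this is mainly a robustness point for callers that set the input programmatically. Passing the strict flag removes the ambiguity: `if (in_array('all', $match_on, true)) {`. The body of input_livesearch_page_handler starts before and continues past this hunk.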
@@ -268,21 +271,12 @@ function input_livesearch_page_handler($page) { $owner_where = ''; } - $limit = get_input('limit', 10); + $limit = sanitise_int(get_input('limit', 10)); // grab a list of entities and send them in json. $results = array(); - foreach ($match_on as $type) { - switch ($type) { - case 'all': - // only need to pull up title from objects. - - $options = array('owner_guid' => $owner_guid, 'limit' => $limit); - if (!$entities = elgg_get_entities($options) AND is_array($entities)) { - $results = array_merge($results, $entities); - } - break; - + foreach ($match_on as $match_type) { + switch ($match_type) { case 'users': $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entities as e WHERE e.guid = ue.guid @@ -298,7 +292,7 @@ function input_livesearch_page_handler($page) { 'type' => 'user', 'name' => $entity->name, 'desc' => $entity->username, - 'icon' => '', 'guid' => $entity->guid ); @@ -325,8 +319,8 @@ function input_livesearch_page_handler($page) { 'type' => 'group', 'name' => $entity->name, 'desc' => strip_tags($entity->description), - 'icon' => '', + 'icon' => '', 'guid' => $entity->guid ); @@ -336,7 +330,6 @@ function input_livesearch_page_handler($page) { break; case 'friends': - $access = get_access_sql_suffix(); $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entity_relationships as er, @@ -357,8 +350,8 @@ function input_livesearch_page_handler($page) { 'type' => 'user', 'name' => $entity->name, 'desc' => $entity->username, - 'icon' => '', + 'icon' => '', 'guid' => $entity->guid ); $results[$entity->name . rand(1, 100)] = $result; 
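Review bot: The new `sanitise_int()` cast on `limit` makes the value an integer but does not bound it, so a negative or very large `limit` from the request is still passed on. Assuming `$limit` is interpolated into the LIMIT clause of the queries that follow (those lines are outside the hunk), a negative value would produce a failing query, and a huge value would let any logged-in user pull an effectively unbounded result set. Clamping at the point of assignment closes both cases, e.g. `$limit = max(1, min(sanitise_int(get_input('limit', 10)), 100));`, where 100 is only an example cap for the project to choose.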
@@ -367,15 +360,15 @@ function input_livesearch_page_handler($page) { break; default: - // arbitrary subtype. - //@todo you cannot specify a subtype without a type. - // did this ever work? - elgg_get_entities(array('subtype' => $type, 'owner_guid' => $owner_guid)); + header("HTTP/1.0 400 Bad Request", true); + echo "livesearch: unknown match_on of $match_type"; + exit; break; } } ksort($results); + header("Content-Type: application/json"); echo json_encode(array_values($results)); exit; } -- cgit v1.2.3
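Review bot: The new `default:` branch echoes the request-supplied `$match_type` back without output encoding and without a Content-Type header, so the 400 response goes out with PHP's default type (normally text/html) and the value is rendered as markup. Whatever filtering `get_input()` applies is not visible here and should not be relied on for the output context. Send the error as plain text or escape it, e.g. `header('Content-Type: text/plain; charset=utf-8');` before the echo, or `echo 'livesearch: unknown match_on of ' . htmlspecialchars($match_type, ENT_QUOTES, 'UTF-8');`. A nested array in `match_on` would also reach this branch and print as "Array", so an `is_string()` check on each element is worth adding. The `break;` after `exit;` is unreachable and can be dropped.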