From 9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7 Mon Sep 17 00:00:00 2001
From: Brett Profitt
Date: Sun, 4 Sep 2011 17:43:56 -0700
Subject: Refs #3661. Merged XSS fixes in search to master.
---
 mod/search/search_hooks.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'mod/search')
diff --git a/mod/search/search_hooks.php b/mod/search/search_hooks.php
index 428d6f700..b302272fb 100644
--- a/mod/search/search_hooks.php
+++ b/mod/search/search_hooks.php
@@ -202,6 +202,10 @@ function search_tags_hook($hook, $type, $value, $params) {
 $search_tag_names = $valid_tag_names;
 }
+ if (!$search_tag_names) {
+ return array('entities' => array(), 'count' => $count);
+ }
+
 // don't use elgg_get_entities_from_metadata() here because of
 // performance issues. since we don't care what matches at this point
 // use an IN clause to grab everything that matches at once and sort
@@ -337,7 +341,7 @@ function search_comments_hook($hook, $type, $value, $params) {
 $container_and = '';
 if ($params['container_guid'] && $params['container_guid'] !== ELGG_ENTITIES_ANY_VALUE) {
- $container_and = 'AND e.container_guid = ' . sanitise_string($params['container_guid']);
+ $container_and = 'AND e.container_guid = ' . sanitise_int($params['container_guid']);
 }
 $e_access = get_access_sql_suffix('e');
-- cgit v1.2.3
From d3d5ef824e3dafaf7165ba88712c74a4140c171c Mon Sep 17 00:00:00 2001
From: cash
Date: Thu, 15 Sep 2011 21:08:17 -0400
Subject: Fixes #3400, #3820 added additional icons to Elgg's sprite
---
 _graphics/elgg_sprites.png | Bin 16680 -> 19302 bytes
 mod/search/views/default/search/css.php | 4 +-
 views/default/css/elements/icons.php | 181 +++++++++++++++++++-------------
 3 files changed, 112 insertions(+), 73 deletions(-)
(limited to 'mod/search')
diff --git a/_graphics/elgg_sprites.png b/_graphics/elgg_sprites.png
index 703ff0c81..02b452d94 100644
Binary files a/_graphics/elgg_sprites.png and b/_graphics/elgg_sprites.png differ
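Review bot: The early return added in the search_tags_hook hunk hands `$count` back to the caller, but nothing in the visible lines assigns it before this point; unless it is set earlier in the function (the body starts and ends outside the hunk), the hook returns an undefined variable and PHP raises a notice. This branch only runs when no valid tag names remain, so the count is known to be zero and `return array('entities' => array(), 'count' => 0);` states that explicitly. A one-line comment such as `// no valid tag names left: return early rather than building the IN clause from an empty list` would record why the guard exists, presumably to keep an empty list out of the query built below.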
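Review bot: The `sanitise_int()` line in the search_comments_hook hunk has no comment saying why string escaping was not enough here, and the commit subject calls the change an XSS fix although this line hardens a SQL fragment. I would add `// container_guid is concatenated unquoted into the SQL, so cast it to an integer; quote escaping does not constrain an unquoted value` above the assignment so the cast is not later "simplified" back. Assuming `sanitise_int()` casts rather than rejects, a non-numeric value becomes 0 and the query silently filters on container 0; if that is not the intended behaviour, validate the value before building the clause. The function continues outside the hunk, so other numeric fragments built from `$params` in this file cannot be checked from here.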
diff --git a/mod/search/views/default/search/css.php b/mod/search/views/default/search/css.php
index 601536c81..0b8f34b60 100644
--- a/mod/search/views/default/search/css.php
+++ b/mod/search/views/default/search/css.php
@@ -30,11 +30,11 @@ Search plugin
 font-size: 12px;
 font-weight: bold;
 padding: 2px 4px 2px 26px;
- background: transparent url(_graphics/elgg_sprites.png) no-repeat 2px -718px;
+ background: transparent url(_graphics/elgg_sprites.png) no-repeat 2px -934px;
 }
 .elgg-search input[type=text]:focus, .elgg-search input[type=text]:active {
 background-color: white;
- background-position: 2px -700px;
+ background-position: 2px -916px;
 border: 1px solid white;
 color: #0054A7;
 }
diff --git a/views/default/css/elements/icons.php b/views/default/css/elements/icons.php
index 1bc056072..ee166b5be 100644
--- a/views/default/css/elements/icons.php
+++ b/views/default/css/elements/icons.php
@@ -27,215 +27,254 @@ .elgg-icon-arrow-two-head { background-position: 0 -36px; } -.elgg-icon-calendar { +.elgg-icon-attention:hover { background-position: 0 -54px; } -.elgg-icon-checkmark:hover { +.elgg-icon-attention { background-position: 0 -72px; } -.elgg-icon-checkmark { +.elgg-icon-calendar { background-position: 0 -90px; } -.elgg-icon-clip:hover { +.elgg-icon-cell-phone { background-position: 0 -108px; } -.elgg-icon-clip { +.elgg-icon-checkmark:hover { background-position: 0 -126px; } -.elgg-icon-cursor-drag-arrow { +.elgg-icon-checkmark { background-position: 0 -144px; } -.elgg-icon-delete-alt:hover { +.elgg-icon-clip:hover { background-position: 0 -162px; } -.elgg-icon-delete-alt { +.elgg-icon-clip { background-position: 0 -180px; } -.elgg-icon-delete:hover { +.elgg-icon-cursor-drag-arrow { background-position: 0 -198px; } -.elgg-icon-delete { +.elgg-icon-delete-alt:hover { background-position: 0 -216px; } -.elgg-icon-download:hover { +.elgg-icon-delete-alt { background-position: 0 -234px; } -.elgg-icon-download { +.elgg-icon-delete:hover { background-position: 0 -252px; } -.elgg-icon-facebook { +.elgg-icon-delete { background-position: 0 -270px; } -.elgg-icon-home:hover { +.elgg-icon-download:hover { background-position: 0 -288px; } -.elgg-icon-home { +.elgg-icon-download { background-position: 0 -306px; } -.elgg-icon-hover-menu:hover { +.elgg-icon-eye { background-position: 0 -324px; } -.elgg-icon-hover-menu { +.elgg-icon-facebook { background-position: 0 -342px; } -.elgg-icon-link:hover { +.elgg-icon-grid:hover { background-position: 0 -360px; } -.elgg-icon-link { +.elgg-icon-grid { background-position: 0 -378px; } -.elgg-icon-mail-alt:hover { +.elgg-icon-home:hover { background-position: 0 -396px; } -.elgg-icon-mail-alt { +.elgg-icon-home { background-position: 0 -414px; } -.elgg-icon-mail:hover { +.elgg-icon-hover-menu:hover { background-position: 0 -432px; } -.elgg-icon-mail { +.elgg-icon-hover-menu { background-position: 0 -450px; } 
-.elgg-icon-print-alt { +.elgg-icon-info:hover { background-position: 0 -468px; } -.elgg-icon-print { +.elgg-icon-info { background-position: 0 -486px; } -.elgg-icon-push-pin-alt { +.elgg-icon-link:hover { background-position: 0 -504px; } -.elgg-icon-push-pin { +.elgg-icon-link { background-position: 0 -522px; } -.elgg-icon-redo { +.elgg-icon-list { background-position: 0 -540px; } -.elgg-icon-refresh:hover { +.elgg-icon-lock-closed { background-position: 0 -558px; } -.elgg-icon-refresh { +.elgg-icon-lock-open { background-position: 0 -576px; } -.elgg-icon-round-arrow-left { +.elgg-icon-mail-alt:hover { background-position: 0 -594px; } -.elgg-icon-round-arrow-right { +.elgg-icon-mail-alt { background-position: 0 -612px; } -.elgg-icon-round-checkmark { +.elgg-icon-mail:hover { background-position: 0 -630px; } -.elgg-icon-round-minus { +.elgg-icon-mail { background-position: 0 -648px; } -.elgg-icon-round-plus { +.elgg-icon-photo { background-position: 0 -666px; } -.elgg-icon-rss { +.elgg-icon-print-alt { background-position: 0 -684px; } -.elgg-icon-search-focus { +.elgg-icon-print { background-position: 0 -702px; } -.elgg-icon-search { +.elgg-icon-push-pin-alt { background-position: 0 -720px; } -.elgg-icon-settings-alt:hover { +.elgg-icon-push-pin { background-position: 0 -738px; } -.elgg-icon-settings-alt { +.elgg-icon-redo { background-position: 0 -756px; } -.elgg-icon-settings { +.elgg-icon-refresh:hover { background-position: 0 -774px; } -.elgg-icon-share:hover { +.elgg-icon-refresh { background-position: 0 -792px; } -.elgg-icon-share { +.elgg-icon-round-arrow-left { background-position: 0 -810px; } -.elgg-icon-shop-cart:hover { +.elgg-icon-round-arrow-right { background-position: 0 -828px; } -.elgg-icon-shop-cart { +.elgg-icon-round-checkmark { background-position: 0 -846px; } -.elgg-icon-speech-bubble-alt:hover { +.elgg-icon-round-minus { background-position: 0 -864px; } -.elgg-icon-speech-bubble-alt { +.elgg-icon-round-plus { background-position: 0 -882px; } 
-.elgg-icon-speech-bubble:hover { +.elgg-icon-rss { background-position: 0 -900px; } -.elgg-icon-speech-bubble { +.elgg-icon-search-focus { background-position: 0 -918px; } -.elgg-icon-star-alt { +.elgg-icon-search { background-position: 0 -936px; } -.elgg-icon-star-empty:hover { +.elgg-icon-settings-alt:hover { background-position: 0 -954px; } -.elgg-icon-star-empty { +.elgg-icon-settings-alt { background-position: 0 -972px; } -.elgg-icon-star:hover { +.elgg-icon-settings { background-position: 0 -990px; } -.elgg-icon-star { +.elgg-icon-share:hover { background-position: 0 -1008px; } -.elgg-icon-tag:hover { +.elgg-icon-share { background-position: 0 -1026px; } -.elgg-icon-tag { +.elgg-icon-shop-cart:hover { background-position: 0 -1044px; } -.elgg-icon-thumbs-down-alt:hover { +.elgg-icon-shop-cart { background-position: 0 -1062px; } -.elgg-icon-thumbs-down:hover, -.elgg-icon-thumbs-down-alt { +.elgg-icon-speech-bubble-alt:hover { background-position: 0 -1080px; } -.elgg-icon-thumbs-down { +.elgg-icon-speech-bubble-alt { background-position: 0 -1098px; } -.elgg-icon-thumbs-up-alt:hover { +.elgg-icon-speech-bubble:hover { background-position: 0 -1116px; } -.elgg-icon-thumbs-up:hover, -.elgg-icon-thumbs-up-alt { +.elgg-icon-speech-bubble { background-position: 0 -1134px; } -.elgg-icon-thumbs-up { +.elgg-icon-star-alt { background-position: 0 -1152px; } -.elgg-icon-trash { +.elgg-icon-star-empty:hover { background-position: 0 -1170px; } -.elgg-icon-twitter { +.elgg-icon-star-empty { background-position: 0 -1188px; } -.elgg-icon-undo { +.elgg-icon-star:hover { background-position: 0 -1206px; } -.elgg-icon-user { +.elgg-icon-star { background-position: 0 -1224px; } -.elgg-icon-user:hover { +.elgg-icon-tag:hover { background-position: 0 -1242px; } -.elgg-icon-users:hover { +.elgg-icon-tag { background-position: 0 -1260px; } -.elgg-icon-users { +.elgg-icon-thumbs-down-alt:hover { background-position: 0 -1278px; } +.elgg-icon-thumbs-down:hover, +.elgg-icon-thumbs-down-alt 
{ + background-position: 0 -1296px; +} +.elgg-icon-thumbs-down { + background-position: 0 -1314px; +} +.elgg-icon-thumbs-up-alt:hover { + background-position: 0 -1332px; +} +.elgg-icon-thumbs-up:hover, +.elgg-icon-thumbs-up-alt { + background-position: 0 -1350px; +} +.elgg-icon-thumbs-up { + background-position: 0 -1368px; +} +.elgg-icon-trash { + background-position: 0 -1386px; +} +.elgg-icon-twitter { + background-position: 0 -1404px; +} +.elgg-icon-undo { + background-position: 0 -1422px; +} +.elgg-icon-user:hover { + background-position: 0 -1440px; +} +.elgg-icon-user { + background-position: 0 -1458px; +} +.elgg-icon-users:hover { + background-position: 0 -1476px; +} +.elgg-icon-users { + background-position: 0 -1494px; +} +.elgg-icon-video { + background-position: 0 -1512px; +} .elgg-avatar > .elgg-icon-hover-menu { -- cgit v1.2.3