1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
<?php
/**
* Search box
*
* @uses $vars['value'] Current search query
* @uses $vars['class'] Additional class
*/
if (array_key_exists('value', $vars)) {
$value = $vars['value'];
} elseif ($value = get_input('q', get_input('tag', NULL))) {
$value = $value;
}
$class = "elgg-search";
if (isset($vars['class'])) {
$class = "$class {$vars['class']}";
}
// @todo - why the strip slashes?
$value = stripslashes($value);
// @todo - create function for sanitization of strings for display in 1.8
// encode <,>,&, quotes and characters above 127
if (function_exists('mb_convert_encoding')) {
$display_query = mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8');
} else {
// if no mbstring extension, we just strip characters
$display_query = preg_replace("/[^\x01-\x7F]/", "", $value);
}
$display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);
?>
<form class="<?php echo $class; ?>" action="<?php echo elgg_get_site_url(); ?>search" method="get">
<fieldset>
<input type="text" class="search-input" size="21" name="q" value="<?php echo $display_query; ?>" placeholder="<?php echo elgg_echo('search'); ?>" />
<input type="hidden" name="search_type" value="all" />
<input type="submit" value="<?php echo elgg_echo('search:go'); ?>" class="search-submit-button" />
</fieldset>
</form>
|