<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><style type="text/css"><!--
#msg dl { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fc0 solid; padding: 6px; }
#msg ul, pre { overflow: auto; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<title>[BuddyPress] [3511] trunk:
Fix double-escaping of search string when performing search from the site-wide search box
.</title>
</head>
<body>
<div id="msg">
<dl>
<dt>Revision</dt> <dd>3511</dd>
<dt>Author</dt> <dd>djpaul</dd>
<dt>Date</dt> <dd>2010-12-04 23:41:28 +0000 (Sat, 04 Dec 2010)</dd>
</dl>
<h3>Log Message</h3>
<pre>Fix double-escaping of search string when performing search from the site-wide search box. Partially addresses #2776.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkbpblogsbpblogstemplatetagsphp">trunk/bp-blogs/bp-blogs-templatetags.php</a></li>
<li><a href="#trunkbpcorebpcoretemplatetagsphp">trunk/bp-core/bp-core-templatetags.php</a></li>
<li><a href="#trunkbpcorephp">trunk/bp-core.php</a></li>
<li><a href="#trunkbpforumsbpforumstemplatetagsphp">trunk/bp-forums/bp-forums-templatetags.php</a></li>
<li><a href="#trunkbpgroupsbpgroupstemplatetagsphp">trunk/bp-groups/bp-groups-templatetags.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkbpblogsbpblogstemplatetagsphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-blogs/bp-blogs-templatetags.php (3510 => 3511)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-blogs/bp-blogs-templatetags.php 2010-12-04 16:48:24 UTC (rev 3510)
+++ trunk/bp-blogs/bp-blogs-templatetags.php 2010-12-04 23:41:28 UTC (rev 3511)
</span><span class="lines">@@ -502,9 +502,15 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> function bp_directory_blogs_search_form() {
</span><del>- global $bp; ?>
</del><ins>+ global $bp;
+
+ $search_value = __( 'Search anything...', 'buddypress' );
+ if ( !empty( $_GET['s'] ) )
+ $search_value = stripslashes( $_GET['s'] );
+
+ ?>
</ins><span class="cx"> <form action="" method="get" id="search-blogs-form">
</span><del>- <label><input type="text" name="s" id="blogs_search" value="<?php if ( isset( $_GET['s'] ) ) { echo $_GET['s']; } else { _e( 'Search anything...', 'buddypress' ); } ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
</del><ins>+ <label><input type="text" name="s" id="blogs_search" value="<?php echo esc_attr( $search_value ) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
</ins><span class="cx"> <input type="submit" id="blogs_search_submit" name="blogs_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
</span><span class="cx"> </form>
</span><span class="cx"> <?php
</span></span></pre></div>
<a id="trunkbpcorebpcoretemplatetagsphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-core/bp-core-templatetags.php (3510 => 3511)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-core/bp-core-templatetags.php 2010-12-04 16:48:24 UTC (rev 3510)
+++ trunk/bp-core/bp-core-templatetags.php 2010-12-04 23:41:28 UTC (rev 3511)
</span><span class="lines">@@ -456,7 +456,7 @@
</span><span class="cx">
</span><span class="cx"> $search_value = __( 'Search anything...', 'buddypress' );
</span><span class="cx"> if ( !empty( $_GET['s'] ) )
</span><del>- $search_value = $_GET['s'];
</del><ins>+ $search_value = stripslashes( $_GET['s'] );
</ins><span class="cx">
</span><span class="cx"> ?>
</span><span class="cx"> <form action="" method="get" id="search-members-form">
</span></span></pre></div>
<a id="trunkbpcorephp"></a>
<div class="modfile"><h4>Modified: trunk/bp-core.php (3510 => 3511)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-core.php 2010-12-04 16:48:24 UTC (rev 3510)
+++ trunk/bp-core.php 2010-12-04 23:41:28 UTC (rev 3511)
</span><span class="lines">@@ -1678,40 +1678,48 @@
</span><span class="cx"> *
</span><span class="cx"> * @package BuddyPress Core
</span><span class="cx"> * @global $bp The global BuddyPress settings variable created in bp_core_setup_globals()
</span><del>- * @param $slug The slug to redirect to for searching.
</del><ins>+ * @param string $slug The slug to redirect to for searching.
</ins><span class="cx"> */
</span><del>-function bp_core_action_search_site( $slug = false ) {
</del><ins>+function bp_core_action_search_site( $slug = '' ) {
</ins><span class="cx"> global $bp;
</span><span class="cx">
</span><del>- if ( $bp->current_component == BP_SEARCH_SLUG ) {
- $search_terms = $_POST['search-terms'];
- $search_which = $_POST['search-which'];
</del><ins>+ if ( BP_SEARCH_SLUG != $bp->current_component )
+ return;
</ins><span class="cx">
</span><del>- if ( !$slug || empty( $slug ) ) {
- switch ( $search_which ) {
- case 'members': default:
- $slug = $bp->members->slug;
- $var = '/?s=';
- break;
- case 'groups':
- $slug = BP_GROUPS_SLUG;
- $var = '/?s=';
- break;
- case 'forums':
- $slug = BP_FORUMS_SLUG;
- $var = '/?fs=';
- break;
- case 'blogs':
- $slug = BP_BLOGS_SLUG;
- $var = '/?s=';
- break;
- }
</del><ins>+ if ( empty( $_POST['search-terms'] ) ) {
+ bp_core_redirect( $bp->root_domain );
+ return;
+ }
+
+ $search_terms = stripslashes( $_POST['search-terms'] );
+ $search_which = !empty( $_POST['search-which'] ) ? $_POST['search-which'] : '';
+ $query_string = '/?s=';
+
+ if ( empty( $slug ) ) {
+ switch ( $search_which ) {
+ case 'blogs':
+ $slug = bp_is_active( 'blogs' ) ? $bp->blogs->slug : '';
+ break;
+ case 'forums':
+ $slug = bp_is_active( 'forums' ) ? $bp->forums->slug : '';
+ $query_string = '/?fs=';
+ break;
+ case 'groups':
+ $slug = bp_is_active( 'groups' ) ? $bp->groups->slug : '';
+ break;
+ case 'members':
+ default:
+ $slug = $bp->members->slug;
+ break;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- $search_url = apply_filters( 'bp_core_search_site', site_url( $slug . $var . urlencode($search_terms) ), $search_terms );
</del><ins>+ if ( empty( $slug ) ) {
+ bp_core_redirect( $bp->root_domain );
+ return;
+ }
+ }
</ins><span class="cx">
</span><del>- bp_core_redirect( $search_url );
- }
</del><ins>+ bp_core_redirect( apply_filters( 'bp_core_search_site', site_url( $slug . $query_string . urlencode( $search_terms ) ), $search_terms ) );
</ins><span class="cx"> }
</span><span class="cx"> add_action( 'init', 'bp_core_action_search_site', 5 );
</span><span class="cx">
</span></span></pre></div>
<a id="trunkbpforumsbpforumstemplatetagsphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-forums/bp-forums-templatetags.php (3510 => 3511)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-forums/bp-forums-templatetags.php 2010-12-04 16:48:24 UTC (rev 3510)
+++ trunk/bp-forums/bp-forums-templatetags.php 2010-12-04 23:41:28 UTC (rev 3511)
</span><span class="lines">@@ -1030,11 +1030,11 @@
</span><span class="cx">
</span><span class="cx"> $search_value = __( 'Search anything...', 'buddypress' );
</span><span class="cx"> if ( !empty( $_REQUEST['fs'] ) )
</span><del>- $search_value = $_REQUEST['fs'];
</del><ins>+ $search_value = stripslashes( $_REQUEST['fs'] );
</ins><span class="cx">
</span><span class="cx"> ?>
</span><span class="cx"> <form action="" method="get" id="search-forums-form">
</span><del>- <label><input type="text" name="s" id="forums_search" value="<?php echo esc_attr($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
</del><ins>+ <label><input type="text" name="s" id="forums_search" value="<?php echo esc_attr( $search_value ) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
</ins><span class="cx"> <input type="submit" id="forums_search_submit" name="forums_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
</span><span class="cx"> </form>
</span><span class="cx"> <?php
</span></span></pre></div>
<a id="trunkbpgroupsbpgroupstemplatetagsphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-groups/bp-groups-templatetags.php (3510 => 3511)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-groups/bp-groups-templatetags.php 2010-12-04 16:48:24 UTC (rev 3510)
+++ trunk/bp-groups/bp-groups-templatetags.php 2010-12-04 23:41:28 UTC (rev 3511)
</span><span class="lines">@@ -1835,12 +1835,12 @@
</span><span class="cx"> global $bp;
</span><span class="cx">
</span><span class="cx"> $search_value = __( 'Search anything...', 'buddypress' );
</span><del>- if ( isset( $_REQUEST['s'] ) && !empty( $_REQUEST['s'] ) )
- $search_value = $_REQUEST['s'];
</del><ins>+ if ( !empty( $_REQUEST['s'] ) )
+ $search_value = stripslashes( $_REQUEST['s'] );
</ins><span class="cx">
</span><span class="cx"> ?>
</span><span class="cx"> <form action="" method="get" id="search-groups-form">
</span><del>- <label><input type="text" name="s" id="groups_search" value="<?php echo esc_attr($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
</del><ins>+ <label><input type="text" name="s" id="groups_search" value="<?php echo esc_attr( $search_value ) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
</ins><span class="cx"> <input type="submit" id="groups_search_submit" name="groups_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
</span><span class="cx"> </form>
</span><span class="cx"> <?php
</span></span></pre>
</div>
</div>
</body>
</html>