From: stronk7 Date: Tue, 31 Oct 2006 20:34:12 +0000 (+0000) Subject: Prevent +/- operators (REGEXP) on glossary searches for MSSQL and Oracle. MDL-7312 X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=6f4bdb9c9be789deacc36e76bfd2c18cef0a89b9;p=moodle.git Prevent +/- operators (REGEXP) on glossary searches for MSSQL and Oracle. MDL-7312 Merged from MOODLE_17_STABLE --- diff --git a/mod/glossary/lib.php b/mod/glossary/lib.php index fd9fc0d14f..ae90f92078 100644 --- a/mod/glossary/lib.php +++ b/mod/glossary/lib.php @@ -987,6 +987,12 @@ function glossary_search($course, $searchterms, $extended = 0, $glossary = NULL) $definitionsearch.= " OR "; } + /// Under Oracle and MSSQL, trim the + and - operators and perform + /// simpler LIKE search + if ($CFG->dbtype == 'oci8po' || $CFG->dbtype == 'mssql' || $CFG->dbtype == 'mssql_n' || $CFG->dbtype == 'odbc_mssql') { + $searchterm = trim($searchterm, '+-'); + } + if (substr($searchterm,0,1) == "+") { $searchterm = substr($searchterm,1); $conceptsearch.= " e.concept $REGEXP '(^|[^a-zA-Z0-9])$searchterm([^a-zA-Z0-9]|$)' "; diff --git a/mod/glossary/sql.php b/mod/glossary/sql.php index c78ed29dc8..767c20bca2 100644 --- a/mod/glossary/sql.php +++ b/mod/glossary/sql.php @@ -160,6 +160,13 @@ if ($definitionsearch) { $definitionsearch .= " AND "; } + + /// Under Oracle and MSSQL, trim the + and - operators and perform + /// simpler LIKE search + if ($CFG->dbtype == 'oci8po' || $CFG->dbtype == 'mssql' || $CFG->dbtype == 'mssql_n' || $CFG->dbtype == 'odbc_mssql') { + $searchterm = trim($searchterm, '+-'); + } + if (substr($searchterm,0,1) == "+") { $searchterm = substr($searchterm,1); $conceptsearch .= " ge.concept $REGEXP '(^|[^a-zA-Z0-9])$searchterm([^a-zA-Z0-9]|$)' ";