[aur-dev] fix for FS#15947
Rough cut of a fix for FS#15947. Another related request: http://mailman.archlinux.org/pipermail/aur-dev/2009-September/000892.html Laszlo's request also asked for 'submitter', but I think that is less useful, hence I left it out. It might make sense to add 'maintainer' to the info and search results. Unsure.
Fix for maintainer search ticket: FS#15947 Also http://mailman.archlinux.org/pipermail/aur-dev/2009-September/000892.html --- web/lib/aurjson.class.php | 41 ++++++++++++++++++++++++++++++++++------- 1 files changed, 34 insertions(+), 7 deletions(-)
On Sun 27 Sep 2009 20:59 -0700, elij wrote:
Fix for maintainer search ticket: FS#15947 Also http://mailman.archlinux.org/pipermail/aur-dev/2009-September/000892.html
Thanks. For future patch submissions please put a more descriptive subject, such as "Add maintainer search to json interface. Closes FS#15947"
Feel free to change it. -- elij (cactus) On Sun, Sep 27, 2009 at 9:14 PM, Loui Chang <louipc.ist@gmail.com> wrote:
On Sun 27 Sep 2009 20:59 -0700, elij wrote:
Fix for maintainer search ticket: FS#15947 Also http://mailman.archlinux.org/pipermail/aur-dev/2009-September/000892.html
Thanks. For future patch submissions please put a more descriptive subject, such as "Add maintainer search to json interface. Closes FS#15947"
On Sun 27 Sep 2009 20:59 -0700, elij wrote:
Fix for maintainer search ticket: FS#15947 Also http://mailman.archlinux.org/pipermail/aur-dev/2009-September/000892.html --- web/lib/aurjson.class.php | 41 ++++++++++++++++++++++++++++++++++------- 1 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 5b9ecd1..3af41be 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -95,10 +95,9 @@ class AurJSON { $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
$query = "SELECT " . implode(',', $this->fields) . - " FROM Packages WHERE DummyPkg=0 AND "; - $query .= sprintf("( Name LIKE '%%%s%%' OR Description LIKE '%%%s%%' )", - $keyword_string, $keyword_string); - + " FROM Packages, Users WHERE DummyPkg=0 AND " .
This line breaks the basic search function since ID from $fields is not unique. Why are you selecting from the Users table anyways?
+ " ( Name LIKE '%{$keyword_string}%' OR " . + " Description LIKE '%{$keyword_string}%' )"; $result = db_query($query, $this->dbh);
if ( $result && (mysql_num_rows($result) > 0) ) { @@ -158,5 +157,33 @@ class AurJSON { return $this->json_error('No result found'); } } + + /** + * Returns all the packages for a specific maintainer. + * @param $maintainer The name of the maintainer. + * @return mixed Returns an array of value data containing the package data + **/ + private function msearch($maintainer) { + $maintainer = mysql_real_escape_string($maintainer, $this->dbh); + $fields = implode(',', $this->fields); + + $query = "SELECT Users.Usermain as Maintainer, {$fields} " . + " FROM Packages, Users " . + " WHERE Packages.MaintainerUID = Users.UID AND " . + " Users.Username = '{$maintainer}'";
Users.Usermain isn't a field in the database, neither is Users.UID. There's also the problem of ID from $fields not being unique. I've fixed all these and pushed the modified patch. Please test your patches! Thanks
On Mon, Sep 28, 2009 at 12:59 PM, Loui Chang <louipc.ist@gmail.com> wrote:
On Sun 27 Sep 2009 20:59 -0700, elij wrote:
Fix for maintainer search ticket: FS#15947 Also http://mailman.archlinux.org/pipermail/aur-dev/2009-September/000892.html --- web/lib/aurjson.class.php | 41 ++++++++++++++++++++++++++++++++++------- 1 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 5b9ecd1..3af41be 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -95,10 +95,9 @@ class AurJSON { $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
$query = "SELECT " . implode(',', $this->fields) . - " FROM Packages WHERE DummyPkg=0 AND "; - $query .= sprintf("( Name LIKE '%%%s%%' OR Description LIKE '%%%s%%' )", - $keyword_string, $keyword_string); - + " FROM Packages, Users WHERE DummyPkg=0 AND " .
This line breaks the basic search function since ID from $fields is not unique. Why are you selecting from the Users table anyways?
+ " ( Name LIKE '%{$keyword_string}%' OR " . + " Description LIKE '%{$keyword_string}%' )"; $result = db_query($query, $this->dbh);
if ( $result && (mysql_num_rows($result) > 0) ) { @@ -158,5 +157,33 @@ class AurJSON { return $this->json_error('No result found'); } } + + /** + * Returns all the packages for a specific maintainer. + * @param $maintainer The name of the maintainer. + * @return mixed Returns an array of value data containing the package data + **/ + private function msearch($maintainer) { + $maintainer = mysql_real_escape_string($maintainer, $this->dbh); + $fields = implode(',', $this->fields); + + $query = "SELECT Users.Usermain as Maintainer, {$fields} " . + " FROM Packages, Users " . + " WHERE Packages.MaintainerUID = Users.UID AND " . + " Users.Username = '{$maintainer}'";
Users.Usermain isn't a field in the database, neither is Users.UID. There's also the problem of ID from $fields not being unique.
I've fixed all these and pushed the modified patch.
Please test your patches! Thanks
I didn't have a machine to test it on at the time. *shrug*
On Mon, Sep 28, 2009 at 10:12 PM, elij <elij.mx@gmail.com> wrote:
On Sun 27 Sep 2009 20:59 -0700, elij wrote:
Fix for maintainer search ticket: FS#15947 Also http://mailman.archlinux.org/pipermail/aur-dev/2009-September/000892.html --- web/lib/aurjson.class.php | 41 ++++++++++++++++++++++++++++++++++------- 1 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 5b9ecd1..3af41be 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -95,10 +95,9 @@ class AurJSON { $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
$query = "SELECT " . implode(',', $this->fields) . - " FROM Packages WHERE DummyPkg=0 AND "; - $query .= sprintf("( Name LIKE '%%%s%%' OR Description LIKE '%%%s%%' )", - $keyword_string, $keyword_string); - + " FROM Packages, Users WHERE DummyPkg=0 AND " .
This line breaks the basic search function since ID from $fields is not unique. Why are you selecting from the Users table anyways?
+ " ( Name LIKE '%{$keyword_string}%' OR " . + " Description LIKE '%{$keyword_string}%' )"; $result = db_query($query, $this->dbh);
if ( $result && (mysql_num_rows($result) > 0) ) { @@ -158,5 +157,33 @@ class AurJSON { return $this->json_error('No result found'); } } + + /** + * Returns all the packages for a specific maintainer. + * @param $maintainer The name of the maintainer. + * @return mixed Returns an array of value data containing the
On Mon, Sep 28, 2009 at 12:59 PM, Loui Chang <louipc.ist@gmail.com> wrote: package data
+ **/ + private function msearch($maintainer) { + $maintainer = mysql_real_escape_string($maintainer, $this->dbh); + $fields = implode(',', $this->fields); + + $query = "SELECT Users.Usermain as Maintainer, {$fields} " . + " FROM Packages, Users " . + " WHERE Packages.MaintainerUID = Users.UID AND " . + " Users.Username = '{$maintainer}'";
Users.Usermain isn't a field in the database, neither is Users.UID. There's also the problem of ID from $fields not being unique.
I've fixed all these and pushed the modified patch.
Please test your patches! Thanks
I didn't have a machine to test it on at the time. *shrug*
Hello Eliot! The patch you did for the maintainer searching, it gives back the packages in arrays chich contain the 'Maintainer' element which isn't contained in a normal search. Could this 'Maintainer element be in the normal searching too ? Just for the unity, for example when parsing it would be better. Best Regards, Laszlo Papp
On Sun 27 Sep 2009 20:59 -0700, elij wrote:
Fix for maintainer search ticket: FS#15947 Also http://mailman.archlinux.org/pipermail/aur-dev/2009-September/000892.html --- web/lib/aurjson.class.php | 41 ++++++++++++++++++++++++++++++++++------- 1 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 5b9ecd1..3af41be 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -128,13 +127,13 @@ class AurJSON { // just using sprintf to coerce the pqd to an int // should handle sql injection issues, since sprintf will // bork if not an int, or convert the string to a number 0 - $query_stub = sprintf("ID=%d",$pqdata); + $query_stub = "ID={$pqdata}"; } else { if(get_magic_quotes_gpc()) { $pqdata = stripslashes($pqdata); } - $query_stub = sprintf("Name=\"%s\"", + $query_stub = printf("Name=\"%s\"", mysql_real_escape_string($pqdata)); }
Hah. printf returns an integer, but we really want a string here. I've pushed the fix. (Change to sprintf again) Cheers.
On Mon, Sep 28, 2009 at 5:59 AM, elij <elij.mx@gmail.com> wrote:
Rough cut of a fix for FS#15947. Another related request: http://mailman.archlinux.org/pipermail/aur-dev/2009-September/000892.html
Laszlo's request also asked for 'submitter', but I think that is less useful, hence I left it out.
It might make sense to add 'maintainer' to the info and search results. Unsure.
Hello! Really thanks :) Submitter can be useful too, as you can see this search criteria in the advanced searching. If someone would like to write an aur frontend, it would be very useful for him so that to be able to do an option for the frontend where he can search for packages from the desired Submitter. That was my purpose with the Maintainer too. Best Regards, Laszlo Papp
participants (3)
-
elij
-
Laszlo Papp
-
Loui Chang