[aur-dev] [PATCH 1/1] fix for FS#15947

Loui Chang louipc.ist at gmail.com
Mon Sep 28 15:59:50 EDT 2009 

On Sun 27 Sep 2009 20:59 -0700, elij wrote:
> Fix for maintainer search ticket: FS#15947
> Also http://mailman.archlinux.org/pipermail/aur-dev/2009-September/000892.html
> ---
>  web/lib/aurjson.class.php |   41 ++++++++++++++++++++++++++++++++++-------
>  1 files changed, 34 insertions(+), 7 deletions(-)
> 

> diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
> index 5b9ecd1..3af41be 100644
> --- a/web/lib/aurjson.class.php
> +++ b/web/lib/aurjson.class.php
> @@ -95,10 +95,9 @@ class AurJSON {
>          $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
>  
>          $query = "SELECT " . implode(',', $this->fields) .
> -            " FROM Packages WHERE DummyPkg=0 AND ";
> -        $query .= sprintf("( Name LIKE '%%%s%%' OR Description LIKE '%%%s%%' )",
> -                $keyword_string, $keyword_string);
> -
> +            " FROM Packages, Users WHERE DummyPkg=0 AND " . 

This line breaks the basic search function since ID from $fields is not
unique. Why are you selecting from the Users table anyways?

> +            "  ( Name LIKE '%{$keyword_string}%' OR " .
> +            "    Description LIKE '%{$keyword_string}%' )";
>          $result = db_query($query, $this->dbh);
>  
>          if ( $result && (mysql_num_rows($result) > 0) ) {
> @@ -158,5 +157,33 @@ class AurJSON {
>              return $this->json_error('No result found');
>          }
>      }
> +
> +    /**
> +     * Returns all the packages for a specific maintainer.
> +     * @param $maintainer The name of the maintainer.
> +     * @return mixed Returns an array of value data containing the package data
> +     **/
> +    private function msearch($maintainer) {
> +        $maintainer = mysql_real_escape_string($maintainer, $this->dbh);
> +        $fields = implode(',', $this->fields);
> +
> +        $query = "SELECT Users.Usermain as Maintainer, {$fields} " .
> +            " FROM Packages, Users " .
> +            "        WHERE Packages.MaintainerUID = Users.UID AND " .
> +            "              Users.Username = '{$maintainer}'";

Users.Usermain isn't a field in the database, neither is Users.UID.
There's also the problem of ID from $fields not being unique.

I've fixed all these and pushed the modified patch.

Please test your patches!
Thanks

More information about the aur-dev mailing list