11-06-2008, 18:56
search.php, j'ai ajouté des lignes pour vérifier le format de l'input:
Code :
...
// Copy the search-form fields out of $mybb->input into $search_data.
// The values are taken as-is: nothing is validated, cast or escaped here,
// so every later use has to treat them as untrusted request data.
$search_data = array();
$search_data["keywords"] = $mybb->input['keywords'];
$search_data["author"] = $mybb->input['author'];
$search_data["postthread"] = $mybb->input['postthread'];
$search_data["matchusername"] = $mybb->input['matchusername'];
$search_data["postdate"] = $mybb->input['postdate'];
$search_data["pddir"] = $mybb->input['pddir'];
$search_data["forums"] = $mybb->input['forums'];
$search_data["findthreadst"] = $mybb->input['findthreadst'];
$search_data["numreplies"] = $mybb->input['numreplies'];
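// Added block starts here.
// A keywords value containing "date YYYY-MM-DD" is turned into a search for
// threads whose last post is on or after that day, bypassing the keyword search.
//
// preg_match() replaces ereg(), which was deprecated in PHP 5.3 and removed in
// PHP 7.0. The is_string() guard is there because a request parameter can
// arrive as an array (keywords[]=...). checkdate() rejects impossible dates
// such as 2008-13-45 instead of letting mktime() roll them over silently.
// When any of the three conditions fails, execution falls through to the
// regular search code below.
//
// NOTE(review): this branch writes a search log row and redirects on its own.
// Confirm that the permission and flood checks of search.php run before this
// point, because anything located after it is skipped for date searches.
if (is_string($mybb->input['keywords'])
    && preg_match('/date ([0-9]{4})-([0-9]{1,2})-([0-9]{1,2})/', $mybb->input['keywords'], $regs)
    && checkdate((int)$regs[2], (int)$regs[3], (int)$regs[1]))
{
    // Only regex-captured digits reach mktime(); the cast guarantees that an
    // integer, and nothing else, is concatenated into the SQL fragment.
    $date_to_search = (int)mktime(0, 0, 0, (int)$regs[2], (int)$regs[3], (int)$regs[1]);
    $where_sql = "t.lastpost >= '".$date_to_search."'";

    // Optional restriction to one forum; intval() keeps the value numeric.
    if ($mybb->input['fid'])
    {
        $where_sql .= " AND t.fid='".intval($mybb->input['fid'])."'";
    }

    // NOTE(review): both lists are interpolated unquoted. This assumes the
    // helpers return comma-separated numeric forum ids built server-side;
    // confirm against their definitions.
    $unsearchforums = get_unsearchable_forums();
    if ($unsearchforums)
    {
        $where_sql .= " AND t.fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if ($inactiveforums)
    {
        $where_sql .= " AND t.fid NOT IN ($inactiveforums)";
    }

    // NOTE(review): the sid is derived from uniqid()/microtime(), so it is
    // time-based rather than random. Treat it as a lookup key, not a secret,
    // and confirm the results page applies its own access checks.
    $sid = md5(uniqid(microtime(), 1));

    // The WHERE fragment is stored in "querycache" and is presumably reused by
    // the results page, so everything concatenated into it above must stay
    // numeric. intval() on uid keeps that column numeric as well.
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => intval($mybb->user['uid']),
        "dateline" => time(),
        "ipaddress" => $db->escape_string($session->ipaddress),
        "threads" => '',
        "posts" => '',
        "searchtype" => "titles",
        "resulttype" => "threads",
        "querycache" => $db->escape_string($where_sql),
    );
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query(TABLE_PREFIX."searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
// Added block ends here.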
if($config['dbtype'] == "mysql" || $config['dbtype'] == "mysqli")
{
if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean(TABLE_PREFIX."posts") && $db->is_fulltext(TABLE_PREFIX."posts"))
...
Recule fils!!!