[LON-CAPA-cvs] cvs: loncom /interface lonsearchcat.pm

raeburn lon-capa-cvs-allow@mail.lon-capa.org
Thu, 16 Oct 2008 22:58:15 -0000 

raeburn		Thu Oct 16 18:58:15 2008 EDT

  Modified files:              
    /loncom/interface	lonsearchcat.pm 
  Log:
  - As dates/times stored in the mysql tables are UTC-based, comparisons with current time need to use UTC_TIMESTAMP() for current time.
  - * allowed in strings used in searches.
  
  
Index: loncom/interface/lonsearchcat.pm
diff -u loncom/interface/lonsearchcat.pm:1.299 loncom/interface/lonsearchcat.pm:1.300
--- loncom/interface/lonsearchcat.pm:1.299	Wed Aug 27 15:50:46 2008
+++ loncom/interface/lonsearchcat.pm	Thu Oct 16 18:58:15 2008
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Search Catalog
 #
-# $Id: lonsearchcat.pm,v 1.299 2008/08/27 19:50:46 raeburn Exp $
+# $Id: lonsearchcat.pm,v 1.300 2008/10/16 22:58:15 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1394,7 +1394,7 @@
 		   'lastrevisiondatestart_month','lastrevisiondatestart_day',
 		   'lastrevisiondatestart_year','lastrevisiondateend_month',
 		   'lastrevisiondateend_day','lastrevisiondateend_year') {
-	$env{'form.'.$field}=~s/[^\w\/\s\(\)\=\-\"\'.]//g;
+	$env{'form.'.$field}=~s/[^\w\/\s\(\)\=\-\"\'.\*]//g;
     }
     foreach ('mode','form','element') {
 	# is this required?  Hmmm.
@@ -1639,7 +1639,7 @@
     #
     if (@queries) {
         if ($env{'form.area'} eq 'portfolio') {
-            $query ="SELECT pm.*,pa.keynum,pa.scope FROM portfolio_metadata pm, portfolio_access pa, portfolio_addedfields pf WHERE (pm.url = pa.url AND pf.url = pm.url AND (pa.start < NOW() AND (pa.end IS NULL OR pa.end > NOW())) AND (".join(') AND (',@queries).'))';
+            $query ="SELECT pm.*,pa.keynum,pa.scope FROM portfolio_metadata pm, portfolio_access pa, portfolio_addedfields pf WHERE (pm.url = pa.url AND pf.url = pm.url AND (pa.start < UTC_TIMESTAMP() AND (pa.end IS NULL OR pa.end > UTC_TIMESTAMP())) AND (".join(') AND (',@queries).'))';
         } else {
 	    $query="SELECT * FROM metadata WHERE (".join(") AND (",@queries).')';
         }
@@ -1702,7 +1702,7 @@
     #
     # Clean up fields for safety
     for my $field ('basicexp') {
-	$env{"form.$field"}=~s/[^\w\s\'\"\!\(\)\-]//g;
+	$env{"form.$field"}=~s/[^\w\s\'\"\!\(\)\-\*]//g;
     }
     foreach ('mode','form','element') {
 	# is this required?  Hmmm.
@@ -1741,7 +1741,7 @@
     #}
     my $final_query;
     if ($env{'form.area'} eq 'portfolio') {
-        $final_query = 'SELECT pm.*,pa.keynum,pa.scope FROM portfolio_metadata pm, portfolio_access pa  WHERE (pm.url = pa.url AND (pa.start < NOW() AND (pa.end IS NULL OR pa.end > NOW())) AND '.join(" AND ",@Queries).')';
+        $final_query = 'SELECT pm.*,pa.keynum,pa.scope FROM portfolio_metadata pm, portfolio_access pa  WHERE (pm.url = pa.url AND (pa.start < UTC_TIMESTAMP() AND (pa.end IS NULL OR pa.end > UTC_TIMESTAMP())) AND '.join(" AND ",@Queries).')';
     } else {
         $final_query = 'SELECT * FROM metadata WHERE '.join(" AND ",@Queries);
     }