Fix things that broke on previous commission

When escaping characters it no longer breaks excluded
tags and searching for nothing giving everything
This commit is contained in:
Dendy 2020-12-25 00:59:54 +01:00
parent 752ca3ee05
commit 77d7df6a01
Signed by: dendy
GPG Key ID: 0168B35FFD7F608F
3 changed files with 10 additions and 9 deletions

View File

@ -4,6 +4,10 @@ $tmsu = "tmsu -D /strg/drw/.tmsu/db ";
$BASE_ROUTE = ""; $BASE_ROUTE = "";
function escape_cmd($command){
return "'" . addcslashes(addcslashes($command, '(..)'),'-') . "'";
}
/* Exclude */ /* Exclude */
$exclude = ""; $exclude = "";
@ -20,7 +24,7 @@ if(!isset($_SESSION["login"])){
$alone_exclude_query = $alone_exclude_query . " and not " . $ex_tag; $alone_exclude_query = $alone_exclude_query . " and not " . $ex_tag;
} }
$exclude_query = $exclude_query . $alone_exclude_query; $exclude_query = $exclude_query . $alone_exclude_query;
$alone_exclude_query = "'" . $alone_exclude_query . "'"; $alone_exclude_query = escape_cmd($alone_exclude_query);
} }
$_IS_LOGGED = $_SESSION["login"] === "true"; $_IS_LOGGED = $_SESSION["login"] === "true";
@ -30,8 +34,4 @@ if(!is_array($_SESSION["msg"])){
$_SESSION["msg"] = array(); $_SESSION["msg"] = array();
} }
function escape_cmd($command){
return "'" . addcslashes(addcslashes($command, '(..)'),'-') . "'";
}
?> ?>

View File

@ -27,10 +27,10 @@
// Echo total tag count // Echo total tag count
echo "<p>There is a total of " . $tag_num . " tags</p>"; echo "<p>There is a total of " . $tag_num . " tags</p>";
//Tag list //tag list
foreach($output as $tag){ foreach($output as $tag){
$count = ""; $count = "";
exec($tmsu . "files -c " . escape_cmd($tag), $count); exec($tmsu . "files -c " . escape_cmd($tag) . $exclude_query, $count);
if($count[0] !== "0"){ if($count[0] !== "0"){
echo("<a href='http://" . $_SERVER['HTTP_HOST'] . "/tag.php?t=" . $tag . "'>(" . $count[0] .") " . $tag ."</a>, "); echo("<a href='http://" . $_SERVER['HTTP_HOST'] . "/tag.php?t=" . $tag . "'>(" . $count[0] .") " . $tag ."</a>, ");

View File

@ -71,8 +71,9 @@
/* Queries */ /* Queries */
// Handle * and void to show everything // Handle * and void to show everything
if(!$_GET["t"] || $_GET["t"] == "*") if(!$_GET["t"] || $_GET["t"] == "*"){
exec($tmsu . "files " . escape_cmd($alone_exclude_query), $output); exec($tmsu . "files " . $alone_exclude_query, $output);
}
// regular query // regular query
else exec($tmsu . "files " . escape_cmd($_GET["t"] . $exclude_query), $output); else exec($tmsu . "files " . escape_cmd($_GET["t"] . $exclude_query), $output);