
Merge branch '17.0' of git@github.com:Dolibarr/dolibarr.git into develop

Laurent Destailleur
2023-02-19 18:18:38 +01:00
16 changed files with 316 additions and 180 deletions


@@ -794,6 +794,12 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
}
}
} else {
// If field name is 'search_xxx' then we force the add of space after each < and > (when following char is numeric) because it means
// we use the < or > to make a search on a numeric value to do higher or lower so we can add a space to break html tags
if (strpos($paramname, 'search_') === 0) {
$out = preg_replace('/([<>])([-+]?\d)/', '\1 \2', $out);
}
$out = sanitizeVal($out, $check, $filter, $options);
}
@@ -9801,7 +9807,7 @@ function dol_getmypid()
* If param $mode is 0, can contains several keywords separated with a space or |
* like "keyword1 keyword2" = We want record field like keyword1 AND field like keyword2
* or like "keyword1|keyword2" = We want record field like keyword1 OR field like keyword2
* If param $mode is 1, can contains an operator <, > or = like "<10" or ">=100.5 < 1000"
* If param $mode is 1, can contains an operator <, > or = like "<10" or ">=100.5 < -1000"
* If param $mode is 2, can contains a list of int id separated by comma like "1,3,4"
* If param $mode is 3, can contains a list of string separated by comma like "a,b,c"
* @param integer $mode 0=value is list of keyword strings, 1=value is a numeric test (Example ">5.5 <10"), 2=value is a list of ID separated with comma (Example '1,3,4')
@@ -9839,23 +9845,35 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
$newres = '';
foreach ($fields as $field) {
if ($mode == 1) {
$operator = '=';
$newcrit = preg_replace('/([!<>=]+)/', '', $crit);
$reg = array();
preg_match('/([!<>=]+)/', $crit, $reg);
if (!empty($reg[1])) {
$operator = $reg[1];
}
if ($newcrit != '') {
$numnewcrit = price2num($newcrit);
if (is_numeric($numnewcrit)) {
$newres .= ($i2 > 0 ? ' OR ' : '').$field.' '.$operator.' '.((float) $numnewcrit); // should be a numeric
} else {
$newres .= ($i2 > 0 ? ' OR ' : '').'1 = 2'; // force false
$tmpcrits = explode('|', $crit);
$i3 = 0; // count the nb of valid criteria added for this field
foreach ($tmpcrits as $tmpcrit) {
if ($tmpcrit !== '0' && empty($tmpcrit)) {
continue;
}
$tmpcrit = trim($tmpcrit);
$newres .= (($i2 > 0 || $i3 > 0) ? ' OR ' : '');
$operator = '=';
$newcrit = preg_replace('/([!<>=]+)/', '', $tmpcrit);
$reg = array();
preg_match('/([!<>=]+)/', $tmpcrit, $reg);
if (!empty($reg[1])) {
$operator = $reg[1];
}
if ($newcrit != '') {
$numnewcrit = price2num($newcrit);
if (is_numeric($numnewcrit)) {
$newres .= $field.' '.$operator.' '.((float) $numnewcrit); // should be a numeric
} else {
$newres .= '1 = 2'; // force false, we received a corrupted data
}
$i3++; // a criteria was added to string
}
$i2++; // a criteria was added to string
}
$i2++;
} elseif ($mode == 2 || $mode == -2) {
$crit = preg_replace('/[^0-9,]/', '', $crit); // ID are always integer
$newres .= ($i2 > 0 ? ' OR ' : '').$field." ".($mode == -2 ? 'NOT ' : '');
@@ -9897,28 +9915,36 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
}
}
}
} else // $mode=0
{
} else { // $mode=0
$tmpcrits = explode('|', $crit);
$i3 = 0;
$i3 = 0; // count the nb of valid criteria added for this field
foreach ($tmpcrits as $tmpcrit) {
if ($tmpcrit !== '0' && empty($tmpcrit)) {
continue;
}
$tmpcrit = trim($tmpcrit);
$newres .= (($i2 > 0 || $i3 > 0) ? ' OR ' : '');
if ($tmpcrit == '^$') { // If we search empty, we must combined different fields with AND
$newres .= (($i2 > 0 || $i3 > 0) ? ' AND ' : '');
} else {
$newres .= (($i2 > 0 || $i3 > 0) ? ' OR ' : '');
}
if (preg_match('/\.(id|rowid)$/', $field)) { // Special case for rowid that is sometimes a ref so used as a search field
$newres .= $field." = ".(is_numeric(trim($tmpcrit)) ? ((float) trim($tmpcrit)) : '0');
$newres .= $field." = ".(is_numeric($tmpcrit) ? ((float) $tmpcrit) : '0');
} else {
$tmpcrit = trim($tmpcrit);
$tmpcrit2 = $tmpcrit;
$tmpbefore = '%';
$tmpafter = '%';
$tmps = '';
if (preg_match('/^!/', $tmpcrit)) {
$newres .= $field." NOT LIKE '"; // ! as exclude character
$tmps .= $field." NOT LIKE "; // ! as exclude character
$tmpcrit2 = preg_replace('/^!/', '', $tmpcrit2);
} else $newres .= $field." LIKE '";
} else {
$tmps .= $field." LIKE ";
}
$tmps .= "'";
if (preg_match('/^[\^\$]/', $tmpcrit)) {
$tmpbefore = '';
@@ -9928,12 +9954,17 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
$tmpafter = '';
$tmpcrit2 = preg_replace('/[\^\$]$/', '', $tmpcrit2);
}
if ($tmpcrit2 == '' || preg_match('/^!/', $tmpcrit)) {
$tmps = "(".$tmps;
}
$newres .= $tmps;
$newres .= $tmpbefore;
$newres .= $db->escape($tmpcrit2);
$newres .= $tmpafter;
$newres .= "'";
if ($tmpcrit2 == '') {
$newres .= " OR ".$field." IS NULL";
if ($tmpcrit2 == '' || preg_match('/^!/', $tmpcrit)) {
$newres .= " OR ".$field." IS NULL)";
}
}
@@ -9943,13 +9974,14 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
}
$i++;
}
if ($newres) {
$res = $res.($res ? ' AND ' : '').($i2 > 1 ? '(' : '').$newres.($i2 > 1 ? ')' : '');
}
$j++;
}
$res = ($nofirstand ? "" : " AND ")."(".$res.")";
//print 'xx'.$res.'yy';
return $res;
}
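Review bot: In the `$mode == 1` branch of natural_search, the ` OR ` separator is appended to `$newres` before the `if ($newcrit != '')` test, so a sub-criterion made only of operator characters (the second part of a value such as `5|>`) leaves a dangling `OR` and the generated WHERE clause no longer parses. Moving `$newres .= (($i2 > 0 || $i3 > 0) ? ' OR ' : '');` inside that `if`, just before `$numnewcrit` is computed, keeps the separator tied to a criterion that is actually emitted. The operator is whatever run of `!<>=` the regex captured and is concatenated into the SQL as-is; it cannot carry other characters, but a check such as `in_array($operator, array('=', '<', '>', '<=', '>=', '<>', '!='), true)` with a fallback to the existing `1 = 2` would stop malformed runs from reaching the database as a syntax error. The page has lost its +/- markers, so this assumes the `$tmpcrits` loop is the new side; natural_search's body begins outside the hunks shown.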