@@ -38,9 +38,12 @@ public function options($args)
38
38
**/
39
39
public function search ($ args )
40
40
{
41
+ if (!SecurityUtil::checkPermission ('Feeds:: ' , ':: ' , ACCESS_READ )) {
42
+ return true ;
43
+ }
44
+
41
45
ModUtil::dbInfoLoad ('Search ' );
42
46
$ pntable = DBUtil::getTables ();
43
- $ feedstable = $ pntable ['feeds ' ];
44
47
$ feedscolumn = $ pntable ['feeds_column ' ];
45
48
$ searchTable = $ pntable ['search_result ' ];
46
49
$ searchColumn = $ pntable ['search_result_column ' ];
@@ -51,18 +54,17 @@ public function search($args)
51
54
52
55
$ sessionId = session_id ();
53
56
54
- $ sql = "
55
- SELECT
56
- $ feedscolumn [name] as title,
57
- '' as text,
58
- $ feedscolumn [fid] as id,
59
- $ feedscolumn [cr_date] as date
60
- FROM $ feedstable
61
- WHERE $ where " ;
62
-
63
- $ result = DBUtil::executeSQL ($ sql );
64
- if (!$ result ) {
65
- return LogUtil::registerError ($ this ->__ ('Error! Could not load any Feed. ' ));
57
+ // define the permission filter to apply
58
+ $ permFilter = array (array ('realm ' => 0 ,
59
+ 'component_left ' => 'Feeds ' ,
60
+ 'instance_left ' => 'fid ' ,
61
+ 'instance_right ' => '' ,
62
+ 'level ' => ACCESS_READ ));
63
+
64
+ // get the result set
65
+ $ objArray = DBUtil::selectObjectArray ('feeds ' , $ where , 'fid ' , 1 , -1 , '' , $ permFilter );
66
+ if ($ objArray === false ) {
67
+ return LogUtil::registerError ($ this ->__ ('Error! Could not load items. ' ));
66
68
}
67
69
68
70
$ insertSql =
@@ -75,22 +77,18 @@ public function search($args)
75
77
$ searchColumn [session])
76
78
VALUES " ;
77
79
78
-
79
80
// Process the result set and insert into search result table
80
- for (; !$ result ->EOF ; $ result ->MoveNext ()) {
81
- $ item = $ result ->GetRowAssoc (2 );
82
- if (SecurityUtil::checkPermission ('Feeds::item ' , "$ item [name]:: $ item [id]" , ACCESS_READ )) {
83
- $ sql = $ insertSql . '( '
84
- . '\'' . $ this ->__ ('Feeds Search ' ) . ': ' . DataUtil::formatForStore ($ item ['title ' ]) . '\', '
85
- . '\'' . DataUtil::formatForStore ($ item ['text ' ]) . '\', '
86
- . '\'' . DataUtil::formatForStore ($ item ['id ' ]) . '\', '
87
- . '\'' . DataUtil::formatForStore ($ item ['date ' ]) . '\', '
81
+ foreach ($ objArray as $ obj ) {
82
+ $ sql = $ insertSql . '( '
83
+ . '\'' . DataUtil::formatForStore ($ obj ['name ' ]) . '\', '
84
+ . '\'' . '\', '
85
+ . '\'' . DataUtil::formatForStore ($ obj ['fid ' ]) . '\', '
86
+ . '\'' . DataUtil::formatForStore ($ obj ['cr_date ' ]) . '\', '
88
87
. '\'' . 'Feeds ' . '\', '
89
88
. '\'' . DataUtil::formatForStore ($ sessionId ) . '\') ' ;
90
- $ insertResult = DBUtil::executeSQL ($ sql );
91
- if (!$ insertResult ) {
92
- return LogUtil::registerError ($ this ->__ ('Error! Could not load any Feed. ' ));
93
- }
89
+ $ insertResult = DBUtil::executeSQL ($ sql );
90
+ if (!$ insertResult ) {
91
+ return LogUtil::registerError (__ ('Error! Could not load items. ' , $ dom ));
94
92
}
95
93
}
96
94
@@ -103,13 +101,11 @@ public function search($args)
103
101
* Access checking is ignored since access check has
104
102
* already been done. But we do add a URL to the found item
105
103
*/
106
- public function search_check (& $ args )
104
+ public function search_check ($ args )
107
105
{
108
106
$ datarow = &$ args ['datarow ' ];
109
107
$ feedsId = $ datarow ['extra ' ];
110
-
111
108
$ datarow ['url ' ] = ModUtil::url ('Feeds ' , 'user ' , 'display ' , array ('fid ' => $ feedsId ));
112
-
113
109
return true ;
114
110
}
115
111
0 commit comments