From 87e717ae8782b5d3a26ecc3d4fee3268fdadf6cb Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Wed, 28 Oct 2009 15:10:32 +0000 Subject: [PATCH] Fix Bug #53245 - Correct regular expression escaping and only splitting keywords on space and "|" git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10240 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_admin.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index c0db64dbfb..92dcf60ee0 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -2549,17 +2549,24 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id return; } - $keywords = preg_split('#[\s+\-|*()]+#u', utf8_strtolower(preg_quote($keywords, '#')), 0, PREG_SPLIT_NO_EMPTY); + // Use no preg_quote for $keywords because this would lead to sole backslashes being added + // We also use an OR connection here for spaces and the | string. Currently, regex is not supported for searching (but may come later). + $keywords = preg_split('#[\s|]+#u', utf8_strtolower($keywords), 0, PREG_SPLIT_NO_EMPTY); $sql_keywords = ''; if (!empty($keywords)) { - $keywords_pattern = '#' . implode('|', $keywords) . '#ui'; + $keywords_pattern = array(); + + // Build pattern and keywords... for ($i = 0, $num_keywords = sizeof($keywords); $i < $num_keywords; $i++) { + $keywords_pattern[] = preg_quote($keywords[$i], '#'); $keywords[$i] = $db->sql_like_expression($db->any_char . $keywords[$i] . $db->any_char); } + $keywords_pattern = '#' . implode('|', $keywords_pattern) . '#ui'; + $operations = array(); foreach ($user->lang as $key => $value) {