Issues (4069)

Security Analysis    not enabled

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/SearchForm/SugarSpot.php (4 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
//if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3
/*********************************************************************************
4
 * SugarCRM Community Edition is a customer relationship management program developed by
5
 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
6
7
 * SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
8
 * Copyright (C) 2011 - 2014 Salesagility Ltd.
9
 *
10
 * This program is free software; you can redistribute it and/or modify it under
11
 * the terms of the GNU Affero General Public License version 3 as published by the
12
 * Free Software Foundation with the addition of the following permission added
13
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
14
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
15
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
16
 *
17
 * This program is distributed in the hope that it will be useful, but WITHOUT
18
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
19
 * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
20
 * details.
21
 *
22
 * You should have received a copy of the GNU Affero General Public License along with
23
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
24
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25
 * 02110-1301 USA.
26
 *
27
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
28
 * SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
29
 *
30
 * The interactive user interfaces in modified source and object code versions
31
 * of this program must display Appropriate Legal Notices, as required under
32
 * Section 5 of the GNU Affero General Public License version 3.
33
 *
34
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
35
 * these Appropriate Legal Notices must retain the display of the "Powered by
36
 * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
37
 * reasonably feasible for  technical reasons, the Appropriate Legal Notices must
38
 * display the words  "Powered by SugarCRM" and "Supercharged by SuiteCRM".
39
 ********************************************************************************/
40
41
42
/**
43
 * Global search
44
 * @api
45
 */
46
class SugarSpot
47
{
48
    protected $module = "";
49
50
    /**
51
     * @param string $current_module
52
     */
53
    public function __construct($current_module = "")
54
    {
55
        $this->module = $current_module;
56
    }
57
	/**
58
     * searchAndDisplay
59
     *
60
	 * Performs the search and returns the HTML widget containing the results
61
	 *
62
	 * @param  $query string what we are searching for
63
	 * @param  $modules array modules we are searching in
64
	 * @param  $offset int search result offset
65
	 * @return string HTML code containing results
66
     *
67
     * @deprecated deprecated since 6.5
68
	 */
69
	public function searchAndDisplay($query, $modules, $offset=-1)
70
	{
71
        $query_encoded = urlencode($query);
72
        $formattedResults = $this->formatSearchResultsToDisplay($query, $modules, $offset);
73
        $displayMoreForModule = $formattedResults['displayMoreForModule'];
74
        $displayResults = $formattedResults['displayResults'];
75
76
        $ss = new Sugar_Smarty();
77
        $ss->assign('displayResults', $displayResults);
78
        $ss->assign('displayMoreForModule', $displayMoreForModule);
79
        $ss->assign('appStrings', $GLOBALS['app_strings']);
80
        $ss->assign('appListStrings', $GLOBALS['app_list_strings']);
81
        $ss->assign('queryEncoded', $query_encoded);
82
        $template = 'include/SearchForm/tpls/SugarSpot.tpl';
83
        if(file_exists('custom/include/SearchForm/tpls/SugarSpot.tpl'))
84
        {
85
            $template = 'custom/include/SearchForm/tpls/SugarSpot.tpl';
86
        }
87
        return $ss->fetch($template);
88
	}
89
90
91
    protected function formatSearchResultsToDisplay($query, $modules, $offset=-1)
92
    {
93
        $results = $this->_performSearch($query, $modules, $offset);
94
        $displayResults = array();
95
        $displayMoreForModule = array();
96
        //$actions=0;
97
        foreach($results as $m=>$data)
98
        {
99
            if(empty($data['data']))
100
            {
101
                continue;
102
            }
103
104
            $countRemaining = $data['pageData']['offsets']['total'] - count($data['data']);
105
            if($offset > 0)
106
            {
107
                $countRemaining -= $offset;
108
            }
109
110
            if($countRemaining > 0)
111
            {
112
                $displayMoreForModule[$m] = array('query'=>$query,
113
                    'offset'=>$data['pageData']['offsets']['next']++,
114
                    'countRemaining'=>$countRemaining);
115
            }
116
117
            foreach($data['data'] as $row)
118
            {
119
                $name = '';
120
121
                //Determine a name to use
122
                if(!empty($row['NAME']))
123
                {
124
                    $name = $row['NAME'];
125
                }
126
                else if(!empty($row['DOCUMENT_NAME']))
127
                {
128
                    $name = $row['DOCUMENT_NAME'];
129
                }
130
                else
131
                {
132
                    $foundName = '';
133
                    foreach($row as $k=>$v)
134
                    {
135
                        if(strpos($k, 'NAME') !== false)
136
                        {
137
                            if(!empty($row[$k]))
138
                            {
139
                                $name = $v;
140
                                break;
141
                            }
142
                            else if(empty($foundName))
143
                            {
144
                                $foundName = $v;
145
                            }
146
                        }
147
                    }
148
149
                    if(empty($name))
150
                    {
151
                        $name = $foundName;
152
                    }
153
                }
154
155
                $displayResults[$m][$row['ID']] = $name;
156
            }
157
        }
158
159
        return array('displayResults' => $displayResults, 'displayMoreForModule' => $displayMoreForModule);
160
    }
161
	/**
162
	 * Returns the array containing the $searchFields for a module.  This function
163
	 * first checks the default installation directories for the SearchFields.php file and then
164
	 * loads any custom definition (if found)
165
	 *
166
	 * @param  $moduleName String name of module to retrieve SearchFields entries for
167
	 * @return array of SearchFields
168
	 */
169
	protected static function getSearchFields( $moduleName )
170
	{
171
		$searchFields = array();
172
173
		if(file_exists("modules/{$moduleName}/metadata/SearchFields.php"))
174
		{
175
		    require("modules/{$moduleName}/metadata/SearchFields.php");
176
		}
177
178
		if(file_exists("custom/modules/{$moduleName}/metadata/SearchFields.php"))
179
		{
180
		    require("custom/modules/{$moduleName}/metadata/SearchFields.php");
181
		}
182
183
		return $searchFields;
184
	}
185
186
187
	/**
188
	 * Get count from query
189
	 * @param SugarBean $seed
190
	 * @param string $main_query
191
	 */
192
	protected function _getCount($seed, $main_query)
193
	{
194
		$result = $seed->db->query("SELECT COUNT(*) as c FROM ($main_query) main");
195
		$row = $seed->db->fetchByAssoc($result);
196
		return isset($row['c'])?$row['c']:0;
197
	}
198
199
    /**
200
     * Determine which modules should be searched against.
201
     *
202
     * @return array
203
     */
204
    protected function getSearchModules()
205
    {
206
        $usa = new UnifiedSearchAdvanced();
207
        $unified_search_modules_display = $usa->getUnifiedSearchModulesDisplay();
208
209
        // load the list of unified search enabled modules
210
        $modules = array();
211
212
        //check to see if the user has  customized the list of modules available to search
213
        $users_modules = $GLOBALS['current_user']->getPreference('globalSearch', 'search');
214
215
        if(!empty($users_modules))
216
        {
217
            // use user's previous selections
218
            foreach ($users_modules as $key => $value )
219
            {
220
                if (isset($unified_search_modules_display[$key]) && !empty($unified_search_modules_display[$key]['visible']))
221
                {
222
                    $modules[$key] = $key;
223
                }
224
            }
225
        }
226
        else
227
        {
228
            foreach($unified_search_modules_display as $key=>$data)
229
            {
230
                if (!empty($data['visible']))
231
                {
232
                    $modules[$key] = $key;
233
                }
234
            }
235
        }
236
        // make sure the current module appears first in the list
237
        if(isset($modules[$this->module]))
238
        {
239
            unset($modules[$this->module]);
240
            $modules = array_merge(array($this->module=>$this->module),$modules);
241
        }
242
243
        return $modules;
244
    }
245
246
    /**
247
     * Perform a search
248
     *
249
     * @param $query string what we are searching for
250
     * @param $offset int search result offset
251
     * @return array
252
     */
253
    public function search($query, $offset = -1, $limit = 20, $options = array())
254
    {
255
        if( isset($options['modules']) && !empty($options['modules']) )
256
            $modules = $options['modules'];
257
        else
258
            $modules = $this->getSearchModules();
259
260
        return $this->_performSearch($query, $modules, $offset, $limit);
261
262
    }
263
	/**
264
     * _performSearch
265
     *
266
	 * Performs the search from the global search field.
267
	 *
268
	 * @param  $query   string what we are searching for
269
	 * @param  $modules array  modules we are searching in
270
	 * @param  $offset  int   search result offset
271
     * @param  $limit  int    search limit
272
	 * @return array
273
	 */
274
    protected function _performSearch($query, $modules, $offset = -1, $limit = 20)
275
    {
276
        if(empty($query)) return array();
277
        $primary_module='';
278
        $results = array();
279
        require_once 'include/SearchForm/SearchForm2.php' ;
280
        $where = '';
281
        $searchEmail = preg_match('/^([^%]|%)*@([^%]|%)*$/', $query);
282
283
        // bug49650 - strip out asterisks from query in case
284
        // user thinks asterisk is a wildcard value
285
        $query = str_replace( '*' , '' , $query );
286
        
287
        $limit = !empty($GLOBALS['sugar_config']['max_spotresults_initial']) ? $GLOBALS['sugar_config']['max_spotresults_initial'] : 5;
288
		if($offset !== -1){
289
			$limit = !empty($GLOBALS['sugar_config']['max_spotresults_more']) ? $GLOBALS['sugar_config']['max_spotresults_more'] : 20;
290
		}
291
    	$totalCounted = empty($GLOBALS['sugar_config']['disable_count_query']);
292
293
294
        foreach($modules as $moduleName)
295
        {
296
            if (empty($primary_module))
297
            {
298
                $primary_module=$moduleName;
299
            }
300
301
            $searchFields = SugarSpot::getSearchFields($moduleName);
302
303
            if (empty($searchFields[$moduleName]))
304
            {
305
                continue;
306
            }
307
308
            $class = $GLOBALS['beanList'][$moduleName];
309
            $return_fields = array();
310
            $seed = new $class();
311
            if(!$seed->ACLAccess('ListView')) continue;
312
313
            if ($class == 'aCase')
314
            {
315
                $class = 'Case';
316
            }
317
318
            foreach($searchFields[$moduleName] as $k=>$v)
319
            {
320
                $keep = false;
321
                $searchFields[$moduleName][$k]['value'] = $query;
322
                if(!empty($searchFields[$moduleName][$k]['force_unifiedsearch']))
323
                {
324
                    continue;
325
                }
326
327
				if(!empty($GLOBALS['dictionary'][$class]['unified_search'])){
328
329
					if(empty($GLOBALS['dictionary'][$class]['fields'][$k]['unified_search'])){
330
331
                        if(isset($searchFields[$moduleName][$k]['db_field']))
332
                        {
333
                            foreach($searchFields[$moduleName][$k]['db_field'] as $field)
334
                            {
335
                                if(!empty($GLOBALS['dictionary'][$class]['fields'][$field]['unified_search']))
336
                                {
337
                                    if(isset($GLOBALS['dictionary'][$class]['fields'][$field]['type']))
338
                                    {
339
                                        if(!$this->filterSearchType($GLOBALS['dictionary'][$class]['fields'][$field]['type'], $query))
340
                                        {
341
                                            unset($searchFields[$moduleName][$k]);
342
                                            continue;
343
                                        }
344
                                    }
345
346
                                    $keep = true;
347
								}
348
							} //foreach
349
						}
350
                        # Bug 42961 Spot search for custom fields
351
                        if (!$keep && (isset($v['force_unifiedsearch']) == false || $v['force_unifiedsearch'] != true))
0 ignored issues
show
Coding Style Best Practice introduced by
It seems like you are loosely comparing two booleans. Considering using the strict comparison === instead.

When comparing two booleans, it is generally considered safer to use the strict comparison operator.

Loading history...
352
                        {
353
							if(strpos($k,'email') === false || !$searchEmail) {
354
								unset($searchFields[$moduleName][$k]);
355
							}
356
						}
357
					}else{
358
					    if($GLOBALS['dictionary'][$class]['fields'][$k]['type'] == 'int' && !is_numeric($query)) {
359
					        unset($searchFields[$moduleName][$k]);
360
					    }
361
					}
362
				}else if(empty($GLOBALS['dictionary'][$class]['fields'][$k]) ){
363
					//If module did not have unified_search defined, then check the exception for an email search before we unset
364
					if(strpos($k,'email') === false || !$searchEmail)
365
					{
366
					   unset($searchFields[$moduleName][$k]);
367
					}
368
				}else if(!$this->filterSearchType($GLOBALS['dictionary'][$class]['fields'][$k]['type'], $query)){
369
                    unset($searchFields[$moduleName][$k]);
370
				}
371
			} //foreach
372
373
            //If no search field criteria matched then continue to next module
374
			if (empty($searchFields[$moduleName]))
375
            {
376
                continue;
377
            }
378
379
            if (empty($searchFields[$moduleName])) continue;
380
381
            if(isset($seed->field_defs['name']))
382
            {
383
                $return_fields['name'] = $seed->field_defs['name'];
384
            }
385
386
            foreach($seed->field_defs as $k => $v)
387
            {
388
                if(isset($seed->field_defs[$k]['type']) && ($seed->field_defs[$k]['type'] == 'name') && !isset($return_fields[$k]))
389
                {
390
                    $return_fields[$k] = $seed->field_defs[$k];
391
                }
392
            }
393
394
            if(!isset($return_fields['name']))
395
            {
396
                // if we couldn't find any name fields, try search fields that have name in it
397
                foreach($searchFields[$moduleName] as $k => $v)
398
                {
399
                    if(strpos($k, 'name') != -1 && isset($seed->field_defs[$k]) && !isset($seed->field_defs[$k]['source']))
400
                    {
401
                        $return_fields[$k] = $seed->field_defs[$k];
402
                        break;
403
                    }
404
                }
405
            }
406
407
            if(!isset($return_fields['name']))
408
            {
409
                // last resort - any fields that have 'name' in their name
410
                foreach($seed->field_defs as $k => $v)
411
                {
412
                    if(strpos($k, 'name') != -1 && isset($seed->field_defs[$k])
413
                        && !isset($seed->field_defs[$k]['source'])) {
414
                        $return_fields[$k] = $seed->field_defs[$k];
415
                        break;
416
                    }
417
                }
418
            }
419
420
            if(!isset($return_fields['name']))
421
            {
422
                // FAIL: couldn't find id & name for the module
423
                $GLOBALS['log']->error("Unable to find name for module $moduleName");
424
                continue;
425
            }
426
427
            if(isset($return_fields['name']['fields']))
428
            {
429
                // some names are composite
430
                foreach($return_fields['name']['fields'] as $field)
431
                {
432
                    $return_fields[$field] = $seed->field_defs[$field];
433
                }
434
            }
435
436
437
            $searchForm = new SearchForm ( $seed, $moduleName ) ;
438
            $searchForm->setup (array ( $moduleName => array() ) , $searchFields , '' , 'saved_views' /* hack to avoid setup doing further unwanted processing */ ) ;
0 ignored issues
show
The call to SearchForm::setup() has too many arguments starting with array($moduleName => array()).

This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue.

If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress.

In this case you can add the @ignore PhpDoc annotation to the duplicate definition and it will be ignored.

Loading history...
439
            $where_clauses = $searchForm->generateSearchWhere() ;
440
441
            if(empty($where_clauses))
442
            {
443
                continue;
444
            }
445
            if(count($where_clauses) > 1)
446
            {
447
                $query_parts =  array();
448
449
                $ret_array_start = $seed->create_new_list_query('', '', $return_fields, array(), 0, '', true, $seed, true);
450
                $search_keys = array_keys($searchFields[$moduleName]);
451
452
                foreach($where_clauses as $n => $clause)
453
                {
454
                    $allfields = $return_fields;
455
                    $skey = $search_keys[$n];
456
                    if(isset($seed->field_defs[$skey]))
457
                    {
458
                        // Joins for foreign fields aren't produced unless the field is in result, hence the merge
459
                        $allfields[$skey] = $seed->field_defs[$skey];
460
                    }
461
                    $ret_array = $seed->create_new_list_query('', $clause, $allfields, array(), 0, '', true, $seed, true);
462
                    $query_parts[] = $ret_array_start['select'] . $ret_array['from'] . $ret_array['where'] . $ret_array['order_by'];
463
                }
464
                $main_query = "(".join(") UNION (", $query_parts).")";
465
            }
466
            else
467
            {
468
                foreach($searchFields[$moduleName] as $k=>$v)
469
                {
470
                    if(isset($seed->field_defs[$k]))
471
                    {
472
                        $return_fields[$k] = $seed->field_defs[$k];
473
                    }
474
                }
475
                $ret_array = $seed->create_new_list_query('', $where_clauses[0], $return_fields, array(), 0, '', true, $seed, true);
476
                $main_query = $ret_array['select'] . $ret_array['from'] . $ret_array['where'] . $ret_array['order_by'];
477
            }
478
479
            $totalCount = null;
480
            if($limit < -1)
481
            {
482
                $result = $seed->db->query($main_query);
483
            }
484
            else
485
            {
486
                if($limit == -1)
487
                {
488
                    $limit = $GLOBALS['sugar_config']['list_max_entries_per_page'];
489
                }
490
491
                if($offset == 'end')
492
                {
493
                    $totalCount = $this->_getCount($seed, $main_query);
494
                    if($totalCount)
495
                    {
496
                        $offset = (floor(($totalCount -1) / $limit)) * $limit;
497
                    } else
498
                    {
499
                        $offset = 0;
500
                    }
501
                }
502
                $result = $seed->db->limitQuery($main_query, $offset, $limit + 1);
503
            }
504
505
            $data = array();
506
            $count = 0;
507
            while($count < $limit && ($row = $seed->db->fetchByAssoc($result)))
508
            {
509
                $temp = clone $seed;
510
                $temp->setupCustomFields($temp->module_dir);
511
                $temp->loadFromRow($row);
512
                $data[] = $temp->get_list_view_data($return_fields);
513
                $count++;
514
            }
515
516
            $nextOffset = -1;
517
            $prevOffset = -1;
518
            $endOffset = -1;
519
520
            if($count >= $limit)
521
            {
522
                $nextOffset = $offset + $limit;
523
            }
524
525
            if($offset > 0)
526
            {
527
                $prevOffset = $offset - $limit;
528
                if($prevOffset < 0) $prevOffset = 0;
529
            }
530
531
            if( $count >= $limit && $totalCounted)
532
            {
533
                if(!isset($totalCount))
534
                {
535
                    $totalCount  = $this->_getCount($seed, $main_query);
536
                }
537
            } else
538
            {
539
                $totalCount = $count + $offset;
540
            }
541
542
            $pageData['offsets'] = array( 'current'=>$offset, 'next'=>$nextOffset, 'prev'=>$prevOffset, 'end'=>$endOffset, 'total'=>$totalCount, 'totalCounted'=>$totalCounted);
543
            $pageData['bean'] = array('objectName' => $seed->object_name, 'moduleDir' => $seed->module_dir);
544
545
            $results[$moduleName] = array("data" => $data, "pageData" => $pageData);
546
        }
547
        return $results;
548
    }
549
550
551
	/**
552
     * Function used to walk the array and find keys that map the queried string.
553
     * if both the pattern and module name is found the promote the string to thet top.
554
     */
555
    protected function _searchKeys($item1, $key, $patterns)
556
    {
557
        //make the module name singular....
558
        if ($patterns[1][strlen($patterns[1])-1] == 's')
559
        {
560
            $patterns[1]=substr($patterns[1],0,(strlen($patterns[1])-1));
561
        }
562
563
        $module_exists = stripos($key,$patterns[1]); //primary module name.
564
        $pattern_exists = stripos($key,$patterns[0]); //pattern provided by the user.
565
        if ($module_exists !== false and $pattern_exists !== false)
566
        {
567
            $GLOBALS['matching_keys']= array_merge(array(array('NAME'=>$key, 'ID'=>$key, 'VALUE'=>$item1)),$GLOBALS['matching_keys']);
568
        }
569
        else
570
        {
571
            if ($pattern_exists !== false)
572
            {
573
                $GLOBALS['matching_keys'][]=array('NAME'=>$key, 'ID'=>$key, 'VALUE'=>$item1);
574
            }
575
        }
576
    }
577
578
579
    /**
580
     * filterSearchType
581
     *
582
     * This is a private function to determine if the search type field should be filtered out based on the query string value
583
     * 
584
     * @param String $type The string value of the field type (e.g. phone, date, datetime, int, etc.)
585
     * @param String $query The search string value sent from the global search
586
     * @return boolean True if the search type fits the query string value; false otherwise
587
     */
588
    protected function filterSearchType($type, $query)
589
    {
590
        switch($type)
591
        {
592
            case 'id':
593
            case 'date':
594
            case 'datetime':
595
            case 'bool':
596
                return false;
597
                break;
0 ignored issues
show
break is not strictly necessary here and could be removed.

The break statement is not necessary if it is preceded for example by a return statement:

switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}

If you would like to keep this construct to be consistent with other case statements, you can safely mark this issue as a false-positive.

Loading history...
598
            case 'int':
599
                if(!is_numeric($query)) {
600
                   return false;
601
                }
602
                break;
603
            case 'phone':
0 ignored issues
show
There must be a comment when fall-through is intentional in a non-empty case body
Loading history...
604
                //For a phone search we require at least three digits
605
                if(!preg_match('/[0-9]{3,}/', $query))
606
                {
607
                    return false;
608
                }
609
            case 'decimal':
610
            case 'float':
611
                if(!preg_match('/[0-9]/', $query))
612
                {
613
                   return false;
614
                }
615
                break;
616
        }
617
        return true;
618
    }
619
620
}