Issues in search.php (3.0) - Issues in 3.0 - thorsten/phpMyFAQ - Measure and Improve Code Quality continuously with Scrutinizer

Issues (421)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

phpmyfaq/search.php (3 issues)

Labels

Bug 3

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * The fulltext search page.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public License,
 * v. 2.0. If a copy of the MPL was not distributed with this file, You can
 * obtain one at http://mozilla.org/MPL/2.0/.
 *
 * @package phpMyFAQ
 * @author Thorsten Rinne <[email protected]>
 * @copyright 2002-2019 phpMyFAQ Team
 * @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
 * @link https://www.phpmyfaq.de
 * @since 2002-09-16
 */

use phpMyFAQ\Category;
use phpMyFAQ\Filter;
use phpMyFAQ\Helper\CategoryHelper;
use phpMyFAQ\Helper\SearchHelper;
use phpMyFAQ\Helper\TagsHelper;
use phpMyFAQ\Link;
use phpMyFAQ\Pagination;
use phpMyFAQ\Search;
use phpMyFAQ\Search\Resultset;
use phpMyFAQ\Strings;
use phpMyFAQ\Tags;
use phpMyFAQ\User\CurrentUser;

if (!defined('IS_VALID_PHPMYFAQ')) {
    $protocol = 'http';
    if (isset($_SERVER['HTTPS']) && strtoupper($_SERVER['HTTPS']) === 'ON') {
        $protocol = 'https';
    }
    header('Location: '.$protocol.'://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME']));
    exit();
}

try {
    $faqSession->userTracking('fulltext_search', 0);
} catch (Exception $e) {
    // @todo handle the exception
}

// Get possible user input
$inputLanguage = Filter::filterInput(INPUT_GET, 'langs', FILTER_SANITIZE_STRING);
$inputCategory = Filter::filterInput(INPUT_GET, 'searchcategory', FILTER_VALIDATE_INT, '%');
$inputSearchTerm = Filter::filterInput(INPUT_GET, 'suchbegriff', FILTER_SANITIZE_STRIPPED);
$inputTag = Filter::filterInput(INPUT_GET, 'tagging_id', FILTER_SANITIZE_STRING);
$inputTag = str_replace(' ', '', $inputTag);
$inputTag = str_replace(',,', ',', $inputTag);

$searchTerm = Filter::filterInput(INPUT_GET, 'search', FILTER_SANITIZE_STRIPPED);
$page = Filter::filterInput(INPUT_GET, 'seite', FILTER_VALIDATE_INT, 1);

// Search only on current language (default)
if (!is_null($inputLanguage)) {
    $allLanguages = true;
    $languages = '&amp;langs=all';
} else {
    $allLanguages = false;
    $languages = '';
}

// HACK: (re)evaluate the Entity object w/o passing the user language
//       so the result set of a Search will have the Entity Path
//       for any of the multilanguage faq records and the Entity list
//       on the left pane will not be affected
if ($allLanguages) {
    $category = new Category($faqConfig);
    $category->transform(0);
}

if (is_null($user)) {
    $user = new CurrentUser($faqConfig);
}

$faqSearch = new Search($faqConfig);
$faqSearchResult = new Resultset($user, $faq, $faqConfig);
$tagging = new Tags($faqConfig);
$tagHelper = new TagsHelper();
$tagSearch = false;

//
// Handle the Tagging ID
//
if (!is_null($inputTag) && '' !== $inputTag) {
    $tagSearch = true;
    $tags = [];
    $tagIds = explode(',', $inputTag);

    $tagHelper->setTaggingIds($tagIds);

    foreach ($tagIds as $tagId) {
        if (!isset($tags[$tagId])) {
            $tags[$tagId] = $tagging->getTagNameById($tagId);
        }
    }

    $recordIds = $tagging->getRecordsByIntersectionTags($tags);

    if (0 === count($recordIds)) {
        $searchResult = '';
    } else {
        $relatedTags = [];

        foreach ($recordIds as $recordId) {
$collection = json_decode($data, true);
if ( ! is_array($collection)) {
    throw new \RuntimeException('$collection must be an array.');
}

foreach ($collection as $item) { /** ... */ }
            $resultTags = $tagging->getAllTagsById($recordId);
            foreach ($resultTags as $resultTagId => $resultTagName) {
                if (isset($tags[$resultTagId])) {
                    // if the given tag is in the search term we don't want to list it
                    continue;
                }

                if (isset($relatedTags[$resultTagId])) {
                    ++$relatedTags[$resultTagId];
                } else {
                    $relatedTags[$resultTagId] = 1;
                }
            }
        }

        uasort($relatedTags, function($a, $b) {
            return ($b - $a);
            }
        );
        $numTags = 0;
        $relTags = '';

        foreach ($relatedTags as $tagId => $relevance) {
            $relTags .= $tagHelper->renderRelatedTag($tagId, $tagging->getTagNameById($tagId), $relevance);
            if ($numTags++ > 20) {
                break;
            }
        }
        $searchResult = $faq->renderRecordsByFaqIds($recordIds);
    }
} else {
    $searchResult = '';
}

//
// Handle the full text search stuff
//
if (!is_null($inputSearchTerm) || !is_null($searchTerm)) {
    if (!is_null($inputSearchTerm)) {
        $inputSearchTerm = $faqConfig->getDb()->escape(strip_tags($inputSearchTerm));
    }
    if (!is_null($searchTerm)) {
        $inputSearchTerm = $faqConfig->getDb()->escape(strip_tags($searchTerm));
    }

    $faqSearch->setCategory($category);
    $faqSearch->setCategoryId($inputCategory);

    $searchResults = [];

    try {
        $searchResults = $faqSearch->search($inputSearchTerm, $allLanguages);
    } catch (PMF_Search_Exception $e) {

        // @todo handle the exception
    }

    $faqSearchResult->reviewResultset($searchResults);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}

    $inputSearchTerm = stripslashes($inputSearchTerm);
    $faqSearch->logSearchTerm($inputSearchTerm);
}

// Change a little bit the $searchCategory value;
$inputCategory = ('%' == $inputCategory) ? 0 : $inputCategory;

try {
    $faqSession->userTracking('fulltext_search', $inputSearchTerm);
} catch (Exception $e) {
    // @todo handle the exception
}

if (is_numeric($inputSearchTerm) && PMF_SOLUTION_ID_START_VALUE <= $inputSearchTerm &&
    0 < $faqSearchResult->getNumberOfResults() && $faqConfig->get('search.searchForSolutionId')) {

    if ($faqConfig->get('main.enableRewriteRules')) {
        $http->redirect($faqConfig->getDefaultUrl().'solution_id_'.$inputSearchTerm.'.html');
    } else {
        $http->redirect($faqConfig->getDefaultUrl().'index.php?solution_id='.$inputSearchTerm);
    }
    exit();
}

$category->buildTree();

$mostPopularSearchData = $faqSearch->getMostPopularSearches($faqConfig->get('search.numberSearchTerms'));

// Set base URL scheme
if ($faqConfig->get('main.enableRewriteRules')) {
    $baseUrl = sprintf('%ssearch.html?search=%s&amp;seite=%d%s&amp;searchcategory=%d',
        Link::getSystemRelativeUri('index.php'),
        urlencode($inputSearchTerm),
        $page,
        $languages,
        $inputCategory
    );
} else {
    $baseUrl = sprintf('%s?%saction=search&amp;search=%s&amp;seite=%d%s&amp;searchcategory=%d',
        Link::getSystemRelativeUri(),
        empty($sids) ? '' : 'sids='.$sids.'&amp;',
        urlencode($inputSearchTerm),
        $page,
        $languages,
        $inputCategory
    );
}

// Pagination options
$options = array(
    'baseUrl' => $baseUrl,
    'total' => $faqSearchResult->getNumberOfResults(),
    'perPage' => $faqConfig->get('records.numberOfRecordsPerPage'),
    'pageParamName' => 'seite',
    'layoutTpl' => '<div class="text-center"><ul class="pagination">{LAYOUT_CONTENT}</ul></div>',
);

$faqPagination = new Pagination($faqConfig, $options);
$categoryHelper = new CategoryHelper();
$categoryHelper->setCategory($category);

$searchHelper = new SearchHelper($faqConfig);
if (!is_null($inputSearchTerm)) {
    $searchHelper->setSearchterm($inputSearchTerm);
}
$searchHelper->setCategory($category);
$searchHelper->setPagination($faqPagination);
$searchHelper->setPlurals($plr);
$searchHelper->setSessionId($sids);

if ('' == $searchResult && !is_null($inputSearchTerm)) {
    $searchResult = $searchHelper->renderSearchResult($faqSearchResult, $page);
}

if ($tagSearch) {
    $template->parseBlock(
        'writeContent',
        'searchTagsSection',
        [
            'searchTags' => $tagHelper->renderTagList($tags),
        ]
    );
    $template->parseBlock(
        'writeContent',
        'relatedTags',
        [
            'relatedTagsHeader' => $PMF_LANG['msgRelatedTags'],
            'relatedTags' => $relTags,
        ]
    );
} else {
    if ('' === $searchTerm) {
        $template->parseBlock(
            'writeContent',
            'tagListSection',
            [
                'msgTags' => $PMF_LANG['msgPopularTags'],
                'tagList' => $tagging->renderPopularTags(0),
            ]
        );
    }

    $template->parseBlock(
        'writeContent',
        'searchBoxSection',
        [
            'writeSendAdress' => '?'.$sids.'action=search',
            'searchString' => Strings::htmlspecialchars($inputSearchTerm, ENT_QUOTES, 'utf-8'),
            'searchOnAllLanguages' => $PMF_LANG['msgSearchOnAllLanguages'],
            'checkedAllLanguages' => $allLanguages ? ' checked' : '',
            'selectCategories' => $PMF_LANG['msgSelectCategories'],
            'allCategories' => $PMF_LANG['msgAllCategories'],
            'printCategoryOptions' => $categoryHelper->renderOptions($inputCategory),
            'msgSearch' => $PMF_LANG['msgSearch']
        ]
    );

    $template->parseBlock(
        'writeContent',
        'popularSearchesSection',
        [
            'msgMostPopularSearches' => $PMF_LANG['msgMostPopularSearches'],
            'printMostPopularSearches' => $searchHelper->renderMostPopularSearches($mostPopularSearchData)
        ]
    );
}

$template->parse(
    'writeContent',
    [
        'msgAdvancedSearch' => ($tagSearch ? $PMF_LANG['msgTagSearch'] : $PMF_LANG['msgAdvancedSearch']),
        'msgSearchWord' => $PMF_LANG['msgSearchWord'],
        /* @deprecated, the following variables will be removed with v3.0 */
        'printResult' => $searchResult,
        'writeSendAdress' => '?'.$sids.'action=search',
        'searchString' => Strings::htmlspecialchars($inputSearchTerm, ENT_QUOTES, 'utf-8'),
        'searchOnAllLanguages' => $PMF_LANG['msgSearchOnAllLanguages'],
        'checkedAllLanguages' => $allLanguages ? ' checked' : '',
        'selectCategories' => $PMF_LANG['msgSelectCategories'],
        'allCategories' => $PMF_LANG['msgAllCategories'],
        'printCategoryOptions' => $categoryHelper->renderOptions($inputCategory),
        'msgSearch' => $PMF_LANG['msgSearch'],
        'msgMostPopularSearches' => $PMF_LANG['msgMostPopularSearches'],
        'printMostPopularSearches' => $searchHelper->renderMostPopularSearches($mostPopularSearchData)
    ]
);

$template->parseBlock(
    'index',
    'breadcrumb',
    [
        'breadcrumbHeadline' => ($tagSearch ? $PMF_LANG['msgTagSearch'] : $PMF_LANG['msgAdvancedSearch'])
    ]
);


GitHub Access Token became invalid

Issues (421)

Security Analysis not enabled

phpmyfaq/search.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2
3		/**
4		* The fulltext search page.
5		*
6		* This Source Code Form is subject to the terms of the Mozilla Public License,
7		* v. 2.0. If a copy of the MPL was not distributed with this file, You can
8		* obtain one at http://mozilla.org/MPL/2.0/.
9		*
10		* @package phpMyFAQ
11		* @author Thorsten Rinne <[email protected]>
12		* @copyright 2002-2019 phpMyFAQ Team
13		* @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
14		* @link https://www.phpmyfaq.de
15		* @since 2002-09-16
16		*/
17
18		use phpMyFAQ\Category;
19		use phpMyFAQ\Filter;
20		use phpMyFAQ\Helper\CategoryHelper;
21		use phpMyFAQ\Helper\SearchHelper;
22		use phpMyFAQ\Helper\TagsHelper;
23		use phpMyFAQ\Link;
24		use phpMyFAQ\Pagination;
25		use phpMyFAQ\Search;
26		use phpMyFAQ\Search\Resultset;
27		use phpMyFAQ\Strings;
28		use phpMyFAQ\Tags;
29		use phpMyFAQ\User\CurrentUser;
30
31	View Code Duplication	if (!defined('IS_VALID_PHPMYFAQ')) {
32		$protocol = 'http';
33		if (isset($_SERVER['HTTPS']) && strtoupper($_SERVER['HTTPS']) === 'ON') {
34		$protocol = 'https';
35		}
36		header('Location: '.$protocol.'://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME']));
37		exit();
38		}
39
40		try {
41		$faqSession->userTracking('fulltext_search', 0);
42		} catch (Exception $e) {
43		// @todo handle the exception
44		}
45
46		// Get possible user input
47		$inputLanguage = Filter::filterInput(INPUT_GET, 'langs', FILTER_SANITIZE_STRING);
48		$inputCategory = Filter::filterInput(INPUT_GET, 'searchcategory', FILTER_VALIDATE_INT, '%');
49		$inputSearchTerm = Filter::filterInput(INPUT_GET, 'suchbegriff', FILTER_SANITIZE_STRIPPED);
50		$inputTag = Filter::filterInput(INPUT_GET, 'tagging_id', FILTER_SANITIZE_STRING);
51		$inputTag = str_replace(' ', '', $inputTag);
52		$inputTag = str_replace(',,', ',', $inputTag);
53
54		$searchTerm = Filter::filterInput(INPUT_GET, 'search', FILTER_SANITIZE_STRIPPED);
55		$page = Filter::filterInput(INPUT_GET, 'seite', FILTER_VALIDATE_INT, 1);
56
57		// Search only on current language (default)
58		if (!is_null($inputLanguage)) {
59		$allLanguages = true;
60		$languages = '&langs=all';
61		} else {
62		$allLanguages = false;
63		$languages = '';
64		}
65
66		// HACK: (re)evaluate the Entity object w/o passing the user language
67		// so the result set of a Search will have the Entity Path
68		// for any of the multilanguage faq records and the Entity list
69		// on the left pane will not be affected
70		if ($allLanguages) {
71		$category = new Category($faqConfig);
72		$category->transform(0);
73		}
74
75		if (is_null($user)) {
76		$user = new CurrentUser($faqConfig);
77		}
78
79		$faqSearch = new Search($faqConfig);
80		$faqSearchResult = new Resultset($user, $faq, $faqConfig);
81		$tagging = new Tags($faqConfig);
82		$tagHelper = new TagsHelper();
83		$tagSearch = false;
84
85		//
86		// Handle the Tagging ID
87		//
88		if (!is_null($inputTag) && '' !== $inputTag) {
89		$tagSearch = true;
90		$tags = [];
91		$tagIds = explode(',', $inputTag);
92
93		$tagHelper->setTaggingIds($tagIds);
94
95		foreach ($tagIds as $tagId) {
96		if (!isset($tags[$tagId])) {
97		$tags[$tagId] = $tagging->getTagNameById($tagId);
98		}
99		}
100
101		$recordIds = $tagging->getRecordsByIntersectionTags($tags);
102
103		if (0 === count($recordIds)) {
104		$searchResult = '';
105		} else {
106		$relatedTags = [];
107
108		foreach ($recordIds as $recordId) {
		0 ignored issues – show Bug introduced 2015-12-05 15:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$recordIds` of type `false\|array` is not guaranteed to be traversable. How about adding an additional type check? There are different options of fixing this problem. If you want to be on the safe side, you can add an additional type-check: $collection = json_decode($data, true); if ( ! is_array($collection)) { throw new \RuntimeException('$collection must be an array.'); } foreach ($collection as $item) { /** ... / } If you are sure that the expression is traversable, you might want to add a doc comment cast* to improve IDE auto-completion and static analysis: /** @var array $collection / $collection = json_decode($data, true); foreach ($collection as $item) { /* .. / } Mark the issue as a false-positive*: Just hover the remove button, in the top-right corner of this issue for more options. Loading history...
109		$resultTags = $tagging->getAllTagsById($recordId);
110		foreach ($resultTags as $resultTagId => $resultTagName) {
111		if (isset($tags[$resultTagId])) {
112		// if the given tag is in the search term we don't want to list it
113		continue;
114		}
115
116		if (isset($relatedTags[$resultTagId])) {
117		++$relatedTags[$resultTagId];
118		} else {
119		$relatedTags[$resultTagId] = 1;
120		}
121		}
122		}
123
124		uasort($relatedTags, function($a, $b) {
125		return ($b - $a);
126		}
127		);
128		$numTags = 0;
129		$relTags = '';
130
131		foreach ($relatedTags as $tagId => $relevance) {
132		$relTags .= $tagHelper->renderRelatedTag($tagId, $tagging->getTagNameById($tagId), $relevance);
133		if ($numTags++ > 20) {
134		break;
135		}
136		}
137		$searchResult = $faq->renderRecordsByFaqIds($recordIds);
138		}
139		} else {
140		$searchResult = '';
141		}
142
143		//
144		// Handle the full text search stuff
145		//
146		if (!is_null($inputSearchTerm) \|\| !is_null($searchTerm)) {
147		if (!is_null($inputSearchTerm)) {
148		$inputSearchTerm = $faqConfig->getDb()->escape(strip_tags($inputSearchTerm));
149		}
150		if (!is_null($searchTerm)) {
151		$inputSearchTerm = $faqConfig->getDb()->escape(strip_tags($searchTerm));
152		}
153
154		$faqSearch->setCategory($category);
155		$faqSearch->setCategoryId($inputCategory);
156
157		$searchResults = [];
158
159		try {
160		$searchResults = $faqSearch->search($inputSearchTerm, $allLanguages);
161		} catch (PMF_Search_Exception $e) {
		0 ignored issues – show Bug introduced 2019-02-23 08:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `PMF_Search_Exception` does not exist. Did you forget a USE statement, or did you not list all dependencies? Scrutinizer analyzes your `composer.json`/`composer.lock` file if available to determine the classes, and functions that are defined by your dependencies. It seems like the listed class was neither found in your dependencies, nor was it found in the analyzed files in your repository. If you are using some other form of dependency management, you might want to disable this analysis. Loading history...
162		// @todo handle the exception
163		}
164
165		$faqSearchResult->reviewResultset($searchResults);
		0 ignored issues – show Bug introduced 2019-02-23 08:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$searchResults` defined by `$faqSearch->search($inpu...rchTerm, $allLanguages)` on line `160` can also be of type `resource`; however, `phpMyFAQ\Search\Resultset::reviewResultset()` does only seem to accept `array`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
166
167		$inputSearchTerm = stripslashes($inputSearchTerm);
168		$faqSearch->logSearchTerm($inputSearchTerm);
169		}
170
171		// Change a little bit the $searchCategory value;
172		$inputCategory = ('%' == $inputCategory) ? 0 : $inputCategory;
173
174		try {
175		$faqSession->userTracking('fulltext_search', $inputSearchTerm);
176		} catch (Exception $e) {
177		// @todo handle the exception
178		}
179
180		if (is_numeric($inputSearchTerm) && PMF_SOLUTION_ID_START_VALUE <= $inputSearchTerm &&
181		0 < $faqSearchResult->getNumberOfResults() && $faqConfig->get('search.searchForSolutionId')) {
182
183		if ($faqConfig->get('main.enableRewriteRules')) {
184		$http->redirect($faqConfig->getDefaultUrl().'solution_id_'.$inputSearchTerm.'.html');
185		} else {
186		$http->redirect($faqConfig->getDefaultUrl().'index.php?solution_id='.$inputSearchTerm);
187		}
188		exit();
189		}
190
191		$category->buildTree();
192
193		$mostPopularSearchData = $faqSearch->getMostPopularSearches($faqConfig->get('search.numberSearchTerms'));
194
195		// Set base URL scheme
196		if ($faqConfig->get('main.enableRewriteRules')) {
197		$baseUrl = sprintf('%ssearch.html?search=%s&seite=%d%s&searchcategory=%d',
198		Link::getSystemRelativeUri('index.php'),
199		urlencode($inputSearchTerm),
200		$page,
201		$languages,
202		$inputCategory
203		);
204		} else {
205		$baseUrl = sprintf('%s?%saction=search&search=%s&seite=%d%s&searchcategory=%d',
206		Link::getSystemRelativeUri(),
207		empty($sids) ? '' : 'sids='.$sids.'&',
208		urlencode($inputSearchTerm),
209		$page,
210		$languages,
211		$inputCategory
212		);
213		}
214
215		// Pagination options
216		$options = array(
217		'baseUrl' => $baseUrl,
218		'total' => $faqSearchResult->getNumberOfResults(),
219		'perPage' => $faqConfig->get('records.numberOfRecordsPerPage'),
220		'pageParamName' => 'seite',
221		'layoutTpl' => '<div class="text-center"><ul class="pagination">{LAYOUT_CONTENT}</ul></div>',
222		);
223
224		$faqPagination = new Pagination($faqConfig, $options);
225		$categoryHelper = new CategoryHelper();
226		$categoryHelper->setCategory($category);
227
228		$searchHelper = new SearchHelper($faqConfig);
229		if (!is_null($inputSearchTerm)) {
230		$searchHelper->setSearchterm($inputSearchTerm);
231		}
232		$searchHelper->setCategory($category);
233		$searchHelper->setPagination($faqPagination);
234		$searchHelper->setPlurals($plr);
235		$searchHelper->setSessionId($sids);
236
237		if ('' == $searchResult && !is_null($inputSearchTerm)) {
238		$searchResult = $searchHelper->renderSearchResult($faqSearchResult, $page);
239		}
240
241		if ($tagSearch) {
242		$template->parseBlock(
243		'writeContent',
244		'searchTagsSection',
245		[
246		'searchTags' => $tagHelper->renderTagList($tags),
247		]
248		);
249		$template->parseBlock(
250		'writeContent',
251		'relatedTags',
252		[
253		'relatedTagsHeader' => $PMF_LANG['msgRelatedTags'],
254		'relatedTags' => $relTags,
255		]
256		);
257		} else {
258		if ('' === $searchTerm) {
259		$template->parseBlock(
260		'writeContent',
261		'tagListSection',
262		[
263		'msgTags' => $PMF_LANG['msgPopularTags'],
264		'tagList' => $tagging->renderPopularTags(0),
265		]
266		);
267		}
268
269		$template->parseBlock(
270		'writeContent',
271		'searchBoxSection',
272		[
273		'writeSendAdress' => '?'.$sids.'action=search',
274		'searchString' => Strings::htmlspecialchars($inputSearchTerm, ENT_QUOTES, 'utf-8'),
275		'searchOnAllLanguages' => $PMF_LANG['msgSearchOnAllLanguages'],
276		'checkedAllLanguages' => $allLanguages ? ' checked' : '',
277		'selectCategories' => $PMF_LANG['msgSelectCategories'],
278		'allCategories' => $PMF_LANG['msgAllCategories'],
279		'printCategoryOptions' => $categoryHelper->renderOptions($inputCategory),
280		'msgSearch' => $PMF_LANG['msgSearch']
281		]
282		);
283
284		$template->parseBlock(
285		'writeContent',
286		'popularSearchesSection',
287		[
288		'msgMostPopularSearches' => $PMF_LANG['msgMostPopularSearches'],
289		'printMostPopularSearches' => $searchHelper->renderMostPopularSearches($mostPopularSearchData)
290		]
291		);
292		}
293
294		$template->parse(
295		'writeContent',
296		[
297		'msgAdvancedSearch' => ($tagSearch ? $PMF_LANG['msgTagSearch'] : $PMF_LANG['msgAdvancedSearch']),
298		'msgSearchWord' => $PMF_LANG['msgSearchWord'],
299		/* @deprecated, the following variables will be removed with v3.0 */
300		'printResult' => $searchResult,
301		'writeSendAdress' => '?'.$sids.'action=search',
302		'searchString' => Strings::htmlspecialchars($inputSearchTerm, ENT_QUOTES, 'utf-8'),
303		'searchOnAllLanguages' => $PMF_LANG['msgSearchOnAllLanguages'],
304		'checkedAllLanguages' => $allLanguages ? ' checked' : '',
305		'selectCategories' => $PMF_LANG['msgSelectCategories'],
306		'allCategories' => $PMF_LANG['msgAllCategories'],
307		'printCategoryOptions' => $categoryHelper->renderOptions($inputCategory),
308		'msgSearch' => $PMF_LANG['msgSearch'],
309		'msgMostPopularSearches' => $PMF_LANG['msgMostPopularSearches'],
310		'printMostPopularSearches' => $searchHelper->renderMostPopularSearches($mostPopularSearchData)
311		]
312		);
313
314		$template->parseBlock(
315		'index',
316		'breadcrumb',
317		[
318		'breadcrumbHeadline' => ($tagSearch ? $PMF_LANG['msgTagSearch'] : $PMF_LANG['msgAdvancedSearch'])
319		]
320		);
321

thorsten / phpMyFAQ

GitHub Access Token became invalid

Issues (421)

Security Analysis not enabled

phpmyfaq/search.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like