web/search/index.php

<?php
// Init
error_reporting(NULL);
session_start();
$TAB = 'SEARCH';
$_SESSION['back'] = $_SERVER['REQUEST_URI'];
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");

// Check query
$q = $_GET['q'];
if (empty($q)) {
    $back=getenv("HTTP_REFERER");
    if (!empty($back)) {
        header("Location: ".$back);
        exit;
    }
    header("Location: /");
    exit;
}

// Header
include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');

// Panel
top_panel($user,$TAB);

$lang = 'ru_RU.utf8';
//setlocale(LC_ALL, $lang);

// Data
$q = escapeshellarg($q);
if ($_SESSION['user'] == 'admin') {
    exec (VESTA_CMD."v-search-object ".$q." json", $output, $return_var);
    $data = json_decode(implode('', $output), true);
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_search.html');
} else {
    exec (VESTA_CMD."v-search-user-object ".$user." ".$q." json", $output, $return_var);
    $data = json_decode(implode('', $output), true);
    include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_search.html');
}

// Footer
include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
added sreach wrapper 2012-09-27 20:30:09 +03:00			`<?php`
			`// Init`
			`error_reporting(NULL);`
			`session_start();`
added admin search 2012-09-29 01:55:51 +03:00			`$TAB = 'SEARCH';`
implemented admin/user search 2012-10-01 17:29:49 +03:00			`$_SESSION['back'] = $_SERVER['REQUEST_URI'];`
added sreach wrapper 2012-09-27 20:30:09 +03:00			`include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");`

added admin search 2012-09-29 01:55:51 +03:00			`// Check query`
			`$q = $_GET['q'];`
			`if (empty($q)) {`
Revert "[SECURITY] Fix OS command injection." 2015-12-11 21:14:49 +02:00			`$back=getenv("HTTP_REFERER");`
added admin search 2012-09-29 01:55:51 +03:00			`if (!empty($back)) {`
Revert "[SECURITY] Fix OS command injection." 2015-12-11 21:14:49 +02:00			`header("Location: ".$back);`
added admin search 2012-09-29 01:55:51 +03:00			`exit;`
			`}`
			`header("Location: /");`
added sreach wrapper 2012-09-27 20:30:09 +03:00			`exit;`
			`}`

added admin search 2012-09-29 01:55:51 +03:00			`// Header`
			`include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');`
added sreach wrapper 2012-09-27 20:30:09 +03:00
added admin search 2012-09-29 01:55:51 +03:00			`// Panel`
			`top_panel($user,$TAB);`

i18n support 2013-01-22 18:43:07 +02:00			`$lang = 'ru_RU.utf8';`
Rusian languaje on Search page Comented Set Locale ru_RU.utf8 , now is on the correct languaje setting 2014-07-26 03:48:44 -06:00			`//setlocale(LC_ALL, $lang);`
i18n support 2013-01-22 18:43:07 +02:00
added admin search 2012-09-29 01:55:51 +03:00			`// Data`
Flatta's security fixes from PullRequest #516 2015-12-11 21:32:07 +02:00			`$q = escapeshellarg($q);`
added admin search 2012-09-29 01:55:51 +03:00			`if ($_SESSION['user'] == 'admin') {`
Revert "[SECURITY] Fix OS command injection." 2015-12-11 21:14:49 +02:00			`exec (VESTA_CMD."v-search-object ".$q." json", $output, $return_var);`
			`$data = json_decode(implode('', $output), true);`
added admin search 2012-09-29 01:55:51 +03:00			`include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_search.html');`
			`} else {`
Revert "[SECURITY] Fix OS command injection." 2015-12-11 21:14:49 +02:00			`exec (VESTA_CMD."v-search-user-object ".$user." ".$q." json", $output, $return_var);`
			`$data = json_decode(implode('', $output), true);`
implemented admin/user search 2012-10-01 17:29:49 +03:00			`include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_search.html');`
added admin search 2012-09-29 01:55:51 +03:00			`}`

			`// Footer`
			`include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');`