search fix FS#395

This patch fixes FS#395 and another bug in the fulltext search
which accepts single '+' and '-' signs as search input.

darcs-hash:20050617113855-7ef76-368041107843f805c9ab539253ddc17eb617be61.gz

1 files changed, 15 insertions, 10 deletions

diff --git a/inc/search.php b/inc/search.php
index e61d04491..949ecc878 100644
--- a/inc/search.php
+++ b/inc/search.php
@@ -216,15 +216,16 @@ function search_pagename(&$data,$base,$file,$type,$lvl,$opts){
   if(!preg_match('#\.txt$#',$file)) return true;
 
   //simple stringmatching 
-  if(strpos($file,$opts['query']) !== false){
-    //check ACL
-    $id = pathID($file);
-    if(auth_quickaclcheck($id) < AUTH_READ){
-      return false;
-    } 
-    $data[]['id'] = $id;
+  if (!empty($opts['query'])){
+    if(strpos($file,$opts['query']) !== false){
+      //check ACL
+      $id = pathID($file);
+      if(auth_quickaclcheck($id) < AUTH_READ){
+        return false;
+      } 
+      $data[]['id'] = $id;
+    }
   }
-
   return true;
 }
 
@@ -302,10 +303,14 @@ function search_fulltext(&$data,$base,$file,$type,$lvl,$opts){
   foreach($qpreg as $word){
     switch(substr($word,0,1)){
       case '-':
-        array_push($negwords,preg_quote(substr($word,1),'#'));
+        if(strlen($word) > 1){  // catch single '-'
+          array_push($negwords,preg_quote(substr($word,1),'#'));
+        }
         break;
       case '+':
-        array_push($poswords,preg_quote(substr($word,1),'#'));
+        if(strlen($word) > 1){  // catch single '+'
+          array_push($poswords,preg_quote(substr($word,1),'#'));
+        }
         break;
       default:
         array_push($poswords,preg_quote($word,'#'));