Public/infopump
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Security updates to settings.php

Browse Source
This commit is contained in:
Daniel Messer
2025-10-08 16:00:29 -05:00
parent e85c7fd578
commit 0830311340
3 changed files with 242 additions and 145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

289
recent.php
View File

@@ -2,80 +2,131 @@
include_once "settings.php";
// Get and use a basic title search for pulling records.
$keywordsearch = htmlspecialchars($_GET["kw"]);
$authorsearch = htmlspecialchars($_GET["au"]);
$typesearch = htmlspecialchars($_GET["ty"]);
// Initialize variables
$keywordsearch = '';
$authorsearch = '';
$typesearch = '';
$searchtopic = '';
$searchtype = '';
$socialkw = mb_convert_case($keywordsearch, MB_CASE_TITLE, "UTF-8");
$socialau = mb_convert_case($authorsearch, MB_CASE_TITLE, "UTF-8");
$socialty = mb_convert_case($typesearch, MB_CASE_TITLE, "UTF-8");
if (!empty($keywordsearch)) {
$searchtopic = 'Keyword: '.$socialkw;
} elseif (!empty($authorsearch)) {
$searchtopic = 'Author: '.$socialau;
} else {
$searchtopic = 'Type: '.$socialty;
// Sanitize and validate input
if (!empty($_GET["kw"])) {
$keywordsearch = trim($_GET["kw"]);
$searchtopic = 'Keyword: ' . htmlspecialchars($keywordsearch, ENT_QUOTES, 'UTF-8');
$searchtype = 'keyword';
} elseif (!empty($_GET["au"])) {
$authorsearch = trim($_GET["au"]);
$searchtopic = 'Author: ' . htmlspecialchars($authorsearch, ENT_QUOTES, 'UTF-8');
$searchtype = 'author';
} elseif (!empty($_GET["ty"])) {
$typesearch = trim($_GET["ty"]);
$searchtopic = 'Type: ' . htmlspecialchars(mb_convert_case($typesearch, MB_CASE_TITLE, "UTF-8"), ENT_QUOTES, 'UTF-8');
$searchtype = 'type';
}
// If no valid search parameter, redirect to index
if (empty($searchtype)) {
header('Location: index.php');
exit;
}
// -------------------- BEGIN DATABASE QUERIES --------------------
// Establish atabase connection
$db = new SQLite3('metadata.sqlite');
// Establish database connection
try {
$db = new SQLite3('metadata.sqlite');
$db->enableExceptions(true);
} catch (Exception $e) {
error_log("Database connection error: " . $e->getMessage());
die("Database connection failed");
}
$keywordquery = $db->query("SELECT
DISTINCT books.id AS id,
books.title AS title,
SUBSTR(comments.text,0,120) AS excerpt
FROM books
INNER JOIN
comments ON comments.book = books.id
INNER JOIN
books_tags_link ON books_tags_link.book = books.id
INNER JOIN
tags ON tags.id = books_tags_link.tag
WHERE books.title LIKE '%$keywordsearch%'
OR books.author_sort LIKE '%$keywordsearch%'
OR comments.text LIKE '%$keywordsearch%'
OR tags.name LIKE '%$keywordsearch%'
ORDER BY books.timestamp DESC");
// Prepare the appropriate query based on search type
$results = null;
$authorquery = $db->query("SELECT
DISTINCT books.id AS id,
books.title AS title,
SUBSTR(comments.text,0,120) AS excerpt
FROM books
INNER JOIN
comments ON comments.book = books.id
INNER JOIN
books_tags_link ON books_tags_link.book = books.id
WHERE books.author_sort LIKE '%$authorsearch%'
ORDER BY books.timestamp DESC");
switch ($searchtype) {
case 'keyword':
$searchPattern = '%' . $keywordsearch . '%';
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id,
books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt
FROM books
INNER JOIN comments ON comments.book = books.id
INNER JOIN books_tags_link ON books_tags_link.book = books.id
INNER JOIN tags ON tags.id = books_tags_link.tag
WHERE books.title LIKE :search
OR books.author_sort LIKE :search
OR comments.text LIKE :search
OR tags.name LIKE :search
ORDER BY books.timestamp DESC
LIMIT 100");
$stmt->bindValue(':search', $searchPattern, SQLITE3_TEXT);
break;
case 'author':
$searchPattern = '%' . $authorsearch . '%';
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id,
books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt
FROM books
INNER JOIN comments ON comments.book = books.id
INNER JOIN books_tags_link ON books_tags_link.book = books.id
WHERE books.author_sort LIKE :search
ORDER BY books.timestamp DESC
LIMIT 100");
$stmt->bindValue(':search', $searchPattern, SQLITE3_TEXT);
break;
case 'type':
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id,
books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt
FROM books
INNER JOIN comments ON comments.book = books.id
INNER JOIN books_custom_column_1_link ON books_custom_column_1_link.book = books.id
INNER JOIN custom_column_1 ON custom_column_1.id = books_custom_column_1_link.value
WHERE custom_column_1.value = :search
ORDER BY books.timestamp DESC
LIMIT 100");
$stmt->bindValue(':search', $typesearch, SQLITE3_TEXT);
break;
}
$typequery = $db->query("SELECT
DISTINCT books.id AS id,
books.title AS title,
SUBSTR(comments.text,0,120) AS excerpt
FROM books
INNER JOIN
comments ON comments.book = books.id
INNER JOIN
books_custom_column_1_link ON books_custom_column_1_link.book = books.id
INNER JOIN
custom_column_1 ON custom_column_1.id = books_custom_column_1_link.value
WHERE
custom_column_1.value = '$typesearch'
ORDER BY books.timestamp DESC");
// Execute query and handle errors
try {
$results = $stmt->execute();
} catch (Exception $e) {
error_log("Query execution error: " . $e->getMessage());
$results = null;
}
// Get types for menu
try {
$types = $db->query("SELECT value FROM custom_column_1 ORDER BY value ASC");
} catch (Exception $e) {
error_log("Types query error: " . $e->getMessage());
$types = null;
}
// Build social media URLs safely
$socialUrl = '';
switch ($searchtype) {
case 'keyword':
$socialUrl = $SiteURL . '/recent.php?kw=' . urlencode($keywordsearch);
break;
case 'author':
$socialUrl = $SiteURL . '/recent.php?au=' . urlencode($authorsearch);
break;
case 'type':
$socialUrl = $SiteURL . '/recent.php?ty=' . urlencode($typesearch);
break;
}
$types = $db->query("SELECT
value
FROM custom_column_1
ORDER BY value ASC");
?>
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
@@ -84,9 +135,9 @@ ORDER BY value ASC");
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Infopump - Recently Added - <?php echo $searchtopic; ?></title>
<title>Infopump - Recently Added - <?php echo htmlspecialchars($searchtopic, ENT_QUOTES, 'UTF-8'); ?></title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="Free HTML5 Template by FREEHTML5.CO" />
<meta name="description" content="Recently added items for <?php echo htmlspecialchars($searchtopic, ENT_QUOTES, 'UTF-8'); ?>" />
<meta name="keywords" content="free html5, free template, free bootstrap, html5, css3, mobile first, responsive" />
<meta name="author" content="FREEHTML5.CO" />
@@ -105,33 +156,14 @@ ORDER BY value ASC");
-->
<!-- Facebook and Twitter integration -->
<meta property="og:title" content=<?php echo '"'.$SiteName.' - Recently Added - '.$searchtopic.'" />';?>
<meta property="og:image" content=<?php echo '"'.$SiteURL.'/images/og-site-avatar.jpg" />';?>
<?php
if (!empty($keywordsearch)) {
echo '<meta property="og:url" content="'.$SiteURL.'/recent.php?kw='.$socialkw.'" />';
echo '<meta name="twitter:url" content="'.$SiteURL.'/recent.php?kw='.$socialkw.'" />';
} elseif (!empty($authorsearch)) {
echo '<meta property="og:url" content="'.$SiteURL.'/recent.php?au='.$socialau.'" />';
echo '<meta name="twitter:url" content="'.$SiteURL.'/recent.php?au='.$socialau.'" />';
} else {
echo '<meta property="og:url" content="'.$SiteURL.'/recent.php?ty='.$socialty.'" />';
echo '<meta name="twitter:url" content="'.$SiteURL.'/recent.php?ty='.$socialty.'" />';
}
?>
<meta property="og:site_name" content=<?php echo '"'.$SiteName.' - Recently Added" />';?>
<meta property="og:description" content=<?php echo '"'.$SubName.'" />';?>
<meta name="twitter:title" content=<?php echo '"'.$SiteName.' - Recently Added - '.$searchtopic.'" />';?>
<meta name="twitter:image" content=<?php echo '"'.$SiteURL.'/images/og-site-avatar.jpg" />';?>
<meta property="og:title" content="<?php echo htmlspecialchars($SiteName . ' - Recently Added - ' . $searchtopic, ENT_QUOTES, 'UTF-8'); ?>" />
<meta property="og:image" content="<?php echo htmlspecialchars($SiteURL, ENT_QUOTES, 'UTF-8'); ?>/images/og-site-avatar.jpg" />
<meta property="og:url" content="<?php echo htmlspecialchars($socialUrl, ENT_QUOTES, 'UTF-8'); ?>" />
<meta property="og:site_name" content="<?php echo htmlspecialchars($SiteName . ' - Recently Added', ENT_QUOTES, 'UTF-8'); ?>" />
<meta property="og:description" content="<?php echo htmlspecialchars($SubName, ENT_QUOTES, 'UTF-8'); ?>" />
<meta name="twitter:title" content="<?php echo htmlspecialchars($SiteName . ' - Recently Added - ' . $searchtopic, ENT_QUOTES, 'UTF-8'); ?>" />
<meta name="twitter:image" content="<?php echo htmlspecialchars($SiteURL, ENT_QUOTES, 'UTF-8'); ?>/images/og-site-avatar.jpg" />
<meta name="twitter:url" content="<?php echo htmlspecialchars($socialUrl, ENT_QUOTES, 'UTF-8'); ?>" />
<meta name="twitter:card" content="summary" />
<!-- Place favicon.ico and apple-touch-icon.png in the root directory -->
@@ -144,10 +176,8 @@ ORDER BY value ASC");
<link rel="stylesheet" href="css/icomoon.css">
<!-- Bootstrap -->
<link rel="stylesheet" href="css/bootstrap.css">
<link rel="stylesheet" href="css/style.css">
<!-- Modernizr JS -->
<script src="js/modernizr-2.6.2.min.js"></script>
<!-- FOR IE9 below -->
@@ -165,7 +195,7 @@ ORDER BY value ASC");
</figure>
<h3 class="heading">About the Project</h3>
<a href="index.php"><h2>Infopump</h2></a>
<p>A bibliographic management and display system.</p>
<p>A bibliographic management and display system.<br /><a href="about.php">More info</a></p>
<hr>
<p>A free, open source project from:<br />
<a href="https://rss.com/podcasts/l0wl1f3podcast/">The L0WL1F3 Podcast</a><br />
@@ -173,8 +203,8 @@ ORDER BY value ASC");
<a href="https://cyberpunklibrarian.com">Cyberpunk Librarian</a>
</p>
<ul class="fh5co-social">
<!--<li><a href="#"><i class="icon-twitter"></i></a></li>-->
<!--<li><a href="#"><i class="icon-facebook"></i></a></li>
<!--<li><a href="#"><i class="icon-twitter"></i></a></li>
<li><a href="#"><i class="icon-facebook"></i></a></li>
<li><a href="#"><i class="icon-instagram"></i></a></li>-->
</ul>
</div>
@@ -184,22 +214,22 @@ ORDER BY value ASC");
<h3 class="heading">Recent Additions</h3>
<ul>
<?php
while ($row = $types->fetchArray()) {
$row_value = $row['value'];
$row_titlecase = mb_convert_case($row_value, MB_CASE_TITLE, "UTF-8");
echo '<li><a href="recent.php?ty='.$row_value.'">'.$row_titlecase.'</a></li>';
//echo '<li>'.$row_value.'</li>';
if ($types) {
while ($row = $types->fetchArray(SQLITE3_ASSOC)) {
$row_value = htmlspecialchars($row['value'], ENT_QUOTES, 'UTF-8');
$row_titlecase = htmlspecialchars(mb_convert_case($row['value'], MB_CASE_TITLE, "UTF-8"), ENT_QUOTES, 'UTF-8');
echo '<li><a href="recent.php?ty=' . urlencode($row['value']) . '">' . $row_titlecase . '</a></li>';
}
}
?>
</ul>
</div>
<div class="fh5co-box">
<h3 class="heading">Search</h3>
<form action="results.php" method="get">
<div class="form-group">
<input type="text" class="form-control" name="kw" placeholder="Keyword search">
<input type="text" class="form-control" name="kw" placeholder="Keyword search" maxlength="100">
</div>
</form>
</div>
@@ -219,7 +249,7 @@ ORDER BY value ASC");
<li><a href="#"><i class="icon-instagram"></i></a></li>
</ul> -->
<div class="col-lg-12 col-md-12 text-center">
<h1 id="fh5co-logo"><a href="index.php">Recently Added<br /><br /><?php echo $searchtopic; ?></a></h1>
<h1 id="fh5co-logo"><a href="index.php">Recently Added<br /><br /><?php echo htmlspecialchars($searchtopic, ENT_QUOTES, 'UTF-8'); ?></a></h1>
</div>
</div>
@@ -235,31 +265,26 @@ ORDER BY value ASC");
<div class="row rp-b">
<div class="col-md-12 animate-box">
<?php
if ($keywordsearch != '') {
while ($row = $keywordquery->fetchArray()) {
$row_id = $row['id'];
$row_title = $row['title'];
$row_excerpt = $row['excerpt'];
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
if ($results) {
$hasResults = false;
while ($row = $results->fetchArray(SQLITE3_ASSOC)) {
$hasResults = true;
$row_id = (int)$row['id'];
$row_title = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
$row_excerpt = htmlspecialchars(strip_tags($row['excerpt']), ENT_QUOTES, 'UTF-8');
echo '<p style="padding:25px 0 35px 0;">';
echo '<img style="float:left; max-height: 120px; padding: 10px 10px" src="images/' . $row_id . '.jpg" alt="' . $row_title . '">';
echo '<strong><em><a href="itemrecord.php?itemid=' . $row_id . '">' . $row_title . '</a></em> :</strong> ';
echo $row_excerpt . '...</p>';
}
if (!$hasResults) {
echo '<p>No recent items found.</p>';
}
} else {
echo '<p>An error occurred while retrieving recent items. Please try again.</p>';
}
} elseif ($typesearch != '') {
while ($row = $typequery->fetchArray()) {
$row_id = $row['id'];
$row_title = $row['title'];
$row_excerpt = $row['excerpt'];
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
}
} else {
while ($row = $authorquery->fetchArray()) {
$row_id = $row['id'];
$row_title = $row['title'];
$row_excerpt = $row['excerpt'];
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
}
}
?>
</div>
</div>
@@ -270,7 +295,7 @@ ORDER BY value ASC");
</div>
<footer id="fh5co-footer">
<p><small>&copy; Creative Commons By-NC-SA<br> Design by <a href="http://freehtml5.co" target="_blank">FREEHTML5.co</a></small></p>
<p><small>&copy; Creative Commons By-NC-SA<br> Design by <a href="http://freehtml5.co" target="_blank">FREEHTML5.co</a></small></p>
</footer>
<!-- jQuery -->
@@ -287,3 +312,7 @@ ORDER BY value ASC");
</body>
</html>
<?php
// Close database connection
$db->close();
?>