From 705163ee024426bd622d9722b7d18dd0e6920820 Mon Sep 17 00:00:00 2001
From: wei <>
Date: Tue, 24 Apr 2007 07:22:28 +0000
Subject: Fixed scaffold search. But not safe yet.

---
 .../Data/ActiveRecord/Scaffold/TScaffoldSearch.php |  7 +++++--
 framework/Data/Common/TDbCommandBuilder.php        | 22 ++++++++++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)

(limited to 'framework')

diff --git a/framework/Data/ActiveRecord/Scaffold/TScaffoldSearch.php b/framework/Data/ActiveRecord/Scaffold/TScaffoldSearch.php
index d1a5980f..e09e99d7 100644
--- a/framework/Data/ActiveRecord/Scaffold/TScaffoldSearch.php
+++ b/framework/Data/ActiveRecord/Scaffold/TScaffoldSearch.php
@@ -95,7 +95,10 @@ class TScaffoldSearch extends TScaffoldBase
 	{
 		$table = $this->getTableInfo();
 		if(strlen($str=$this->getSearchText()->getText()) > 0)
-			return $table->getSearchRegExpCriteria($this->getFields(), $str);
+		{
+			$builder = $table->createCommandBuilder($this->getRecordFinder()->getDbConnection());
+			return $builder->getSearchExpression($this->getFields(), $str);
+		}
 	}
 
 	/**
@@ -106,7 +109,7 @@ class TScaffoldSearch extends TScaffoldBase
 		if(strlen(trim($str=$this->getSearchableFields()))>0)
 			$fields = preg_split('/\s*,\s*/', $str);
 		else
-			$fields = array_keys($this->getTableInfo()->getColumns());
+			$fields = $this->getTableInfo()->getColumns()->getKeys();
 		return $fields;
 	}
 
diff --git a/framework/Data/Common/TDbCommandBuilder.php b/framework/Data/Common/TDbCommandBuilder.php
index 3a08d890..440d579d 100644
--- a/framework/Data/Common/TDbCommandBuilder.php
+++ b/framework/Data/Common/TDbCommandBuilder.php
@@ -116,6 +116,28 @@ class TDbCommandBuilder extends TComponent
 		return $sql;
 	}
 
+	/**
+	 * NOT SAFE YET!
+	 */
+	public function getSearchExpression($fields, $keywords)
+	{
+		if(strlen(trim($keywords)) == 0) return '';
+		$words = preg_split('/\s/', preg_quote($keywords, '\''));
+		$result = array();
+		foreach($fields as $field)
+		{
+			$column = $this->getTableInfo()->getColumn($field)->getColumnName();
+			$result[] = $this->getRegexpCriteriaStr($column, $words);
+		}
+		return '('.implode(' OR ', $result).')';
+	}
+
+	protected function getRegexpCriteriaStr($column, $words)
+	{
+		$regexp = implode('|', $words);
+		return "({$column} REGEXP  '{$regexp}')";
+	}
+
 	/**
 	 * Computes the SQL condition for search a set of column using regular expression
 	 * to match a string of keywords. The implementation should only uses columns
-- 
cgit v1.2.3