From a9e4c4bdb38963ad0e85c2deb2cae30409b1c644 Mon Sep 17 00:00:00 2001 From: Shish Date: Fri, 9 Feb 2024 11:00:18 +0000 Subject: [PATCH] use POST when building search results, see #1026 --- core/util.php | 4 +--- ext/auto_tagger/theme.php | 2 +- ext/comment/theme.php | 2 +- ext/home/theme.php | 3 +-- ext/index/main.php | 4 ++-- ext/index/theme.php | 3 +-- ext/pools/main.php | 4 ++-- ext/pools/theme.php | 3 +-- ext/random_list/main.php | 6 +++--- ext/random_list/theme.php | 1 - ext/resize/theme.php | 2 +- ext/source_history/theme.php | 2 +- ext/tag_edit/theme.php | 2 +- ext/view/theme.php | 3 +-- themes/danbooru/index.theme.php | 5 ++--- themes/danbooru2/index.theme.php | 5 ++--- themes/danbooru2/view.theme.php | 3 +-- 17 files changed, 22 insertions(+), 32 deletions(-) diff --git a/core/util.php b/core/util.php index 67a3403c..2fe46641 100644 --- a/core/util.php +++ b/core/util.php @@ -772,9 +772,7 @@ function make_form(string $target, string $method = "POST", bool $multipart = fa { global $user; if ($method == "GET") { - $link = html_escape($target); - $target = make_link($target); - $extra_inputs = ""; + die("make_form: GET method is not supported"); } else { $extra_inputs = $user->get_auth_html(); } diff --git a/ext/auto_tagger/theme.php b/ext/auto_tagger/theme.php index abe99281..138a085d 100644 --- a/ext/auto_tagger/theme.php +++ b/ext/auto_tagger/theme.php @@ -25,7 +25,7 @@ class AutoTaggerTheme extends Themelet "; $bulk_html = " - ".make_form(make_link("auto_tag/import"), 'post', true)." + ".make_form(make_link("auto_tag/import"), 'POST', true)." diff --git a/ext/comment/theme.php b/ext/comment/theme.php index b5bf49cf..14ad0ec8 100644 --- a/ext/comment/theme.php +++ b/ext/comment/theme.php @@ -101,7 +101,7 @@ class CommentListTheme extends Themelet $html = ' Delete comments by IP. -
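Review bot: In the core/util.php hunk, the new guard in make_form() only rejects the exact string "GET", so a caller passing 'get' still falls into the else branch and gets `$user->get_auth_html()` added to the form. Case is not consistent across callers, since this patch itself changes a lower-case 'post' in ext/auto_tagger/theme.php. If the form tag emits `$method` as given (the rest of the function is outside the hunk), the auth token would be submitted in the query string and could end up in access logs and Referer headers. Normalising before the comparison closes this: `if (strtoupper($method) === "GET") {`. Throwing an exception rather than calling `die()` would also let the normal error handler record which caller asked for GET.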

'.make_form(make_link("comment/bulk_delete"), 'POST')." +

'.make_form(make_link("comment/bulk_delete"))." diff --git a/ext/home/theme.php b/ext/home/theme.php index 97d33087..fa8662ef 100644 --- a/ext/home/theme.php +++ b/ext/home/theme.php @@ -37,9 +37,8 @@ EOD $contact_link = empty($contact_link) ? "" : "
Contact –"; $search_html = " diff --git a/ext/index/main.php b/ext/index/main.php index ed929800..77e9bfb5 100644 --- a/ext/index/main.php +++ b/ext/index/main.php @@ -28,9 +28,9 @@ class Index extends Extension { global $cache, $config, $page, $user; if ($event->page_matches("post/list")) { - if (isset($_GET['search'])) { + if (isset($_POST['search'])) { $page->set_mode(PageMode::REDIRECT); - $page->set_redirect(search_link(Tag::explode($_GET['search'], false))); + $page->set_redirect(search_link(Tag::explode($_POST['search'], false))); return; } diff --git a/ext/index/theme.php b/ext/index/theme.php index 5d5a1a8a..8ef6802d 100644 --- a/ext/index/theme.php +++ b/ext/index/theme.php @@ -89,9 +89,8 @@ and of course start organising your images :-) $h_search_string = html_escape(Tag::implode($search_terms)); $h_search_link = search_link(); $h_search = " -
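Review bot: `isset($_POST['search'])` in ext/index/main.php is also true when the request carries `search[]=x`, so an array can reach `Tag::explode()`. If that parameter is typed as string (its signature is not visible in this hunk), the request would end in a TypeError instead of a redirect. A type check at the boundary avoids this: `if (isset($_POST['search']) && is_string($_POST['search'])) {`. The same pattern appears in the ext/pools/main.php hunk, where the value is passed to `url_escape()`, and in the ext/random_list/main.php hunk. The enclosing handler continues outside the hunk.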

+

- "; diff --git a/ext/pools/main.php b/ext/pools/main.php index 6a556676..b8c52f11 100644 --- a/ext/pools/main.php +++ b/ext/pools/main.php @@ -236,9 +236,9 @@ class Pools extends Extension { global $config, $database, $page, $user; if ($event->page_matches("pool/list")) { //index - if (isset($_GET['search']) and $_GET['search'] != null) { + if (isset($_POST['search']) and $_POST['search'] != null) { $page->set_mode(PageMode::REDIRECT); - $page->set_redirect(make_link('pool/list').'/'.$_GET['search'].'/'.strval($event->try_page_num(1))); + $page->set_redirect(make_link('pool/list').'/'.url_escape($_POST['search']).'/'.strval($event->try_page_num(1))); return; } if (count($event->args) >= 4) { // Assume first 2 args are search and page num diff --git a/ext/pools/theme.php b/ext/pools/theme.php index 30c13144..32dd48d2 100644 --- a/ext/pools/theme.php +++ b/ext/pools/theme.php @@ -133,10 +133,9 @@ class PoolsTheme extends Themelet SHM_A("pool/updated", "Pool Changes") ); - $search = "
+ $search = " - "; $page->add_block(new NavBlock()); diff --git a/ext/random_list/main.php b/ext/random_list/main.php index 693ba43d..aa819843 100644 --- a/ext/random_list/main.php +++ b/ext/random_list/main.php @@ -14,15 +14,15 @@ class RandomList extends Extension global $config, $page; if ($event->page_matches("random")) { - if (isset($_GET['search'])) { + if (isset($_POST['search'])) { // implode(explode()) to resolve aliases and sanitise - $search = url_escape(Tag::implode(Tag::explode($_GET['search'], false))); + $search = url_escape(Tag::implode(Tag::explode($_POST['search'], false))); if (empty($search)) { $page->set_mode(PageMode::REDIRECT); $page->set_redirect(make_link("random")); } else { $page->set_mode(PageMode::REDIRECT); - $page->set_redirect(make_link('random/'.$search)); + $page->set_redirect(make_link('random/'.url_escape($search))); } return; } diff --git a/ext/random_list/theme.php b/ext/random_list/theme.php index bec7a133..5cc19d81 100644 --- a/ext/random_list/theme.php +++ b/ext/random_list/theme.php @@ -53,7 +53,6 @@ class RandomListTheme extends Themelet $h_search = "
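Review bot: In ext/random_list/main.php, `$search` is already passed through `url_escape()` when it is assigned, so the changed redirect line `make_link('random/'.url_escape($search))` encodes it a second time. Assuming `url_escape()` is not idempotent (it is defined outside this patch), escape sequences from the first pass would be escaped again and the redirect would no longer match the tags the user typed. Keep a single call, for example by leaving the redirect as `$page->set_redirect(make_link('random/'.$search));`. Alternatively, move the escaping to the redirect only, so that `empty($search)` tests the normalised tag string rather than its encoded form.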

- "; diff --git a/ext/resize/theme.php b/ext/resize/theme.php index 04900c96..36cbef8a 100644 --- a/ext/resize/theme.php +++ b/ext/resize/theme.php @@ -26,7 +26,7 @@ class ResizeImageTheme extends Themelet } $html = rawHTML(" - ".make_form(make_link("resize/{$image->id}"), 'POST')." + ".make_form(make_link("resize/{$image->id}"))." diff --git a/ext/source_history/theme.php b/ext/source_history/theme.php index 5bb01ba2..5523c9f7 100644 --- a/ext/source_history/theme.php +++ b/ext/source_history/theme.php @@ -66,7 +66,7 @@ class SourceHistoryTheme extends Themelet Revert source changes by a specific IP address or username, optionally limited to recent changes. '.$validation_msg.' -

'.make_form(make_link("source_history/bulk_revert"), 'POST')." +

'.make_form(make_link("source_history/bulk_revert"))."

IP Address
diff --git a/ext/tag_edit/theme.php b/ext/tag_edit/theme.php index 8ef6eeac..4fc40111 100644 --- a/ext/tag_edit/theme.php +++ b/ext/tag_edit/theme.php @@ -32,7 +32,7 @@ class TagEditTheme extends Themelet public function mss_html(string $terms): string { $h_terms = html_escape($terms); - $html = make_form(make_link("tag_edit/mass_source_set"), "POST") . " + $html = make_form(make_link("tag_edit/mass_source_set")) . " diff --git a/ext/view/theme.php b/ext/view/theme.php index 4e53c5cf..c375b6e0 100644 --- a/ext/view/theme.php +++ b/ext/view/theme.php @@ -98,8 +98,7 @@ class ViewPostTheme extends Themelet { $h_pin = $this->build_pin($image); $h_search = " -

- +

diff --git a/themes/danbooru/index.theme.php b/themes/danbooru/index.theme.php index 80f00517..f9b4272d 100644 --- a/themes/danbooru/index.theme.php +++ b/themes/danbooru/index.theme.php @@ -47,11 +47,10 @@ class CustomIndexTheme extends IndexTheme protected function build_navigation(int $page_number, int $total_pages, array $search_terms): string { $h_search_string = count($search_terms) == 0 ? "" : html_escape(implode(" ", $search_terms)); - $h_search_link = make_link(); + $h_search_link = search_link(); return " -

+

-

"; diff --git a/themes/danbooru2/index.theme.php b/themes/danbooru2/index.theme.php index 6f7d9808..2ab78117 100644 --- a/themes/danbooru2/index.theme.php +++ b/themes/danbooru2/index.theme.php @@ -31,12 +31,11 @@ class CustomIndexTheme extends IndexTheme protected function build_navigation(int $page_number, int $total_pages, array $search_terms): string { $h_search_string = count($search_terms) == 0 ? "" : html_escape(implode(" ", $search_terms)); - $h_search_link = make_link(); + $h_search_link = search_link(); return " -

+

-

"; } diff --git a/themes/danbooru2/view.theme.php b/themes/danbooru2/view.theme.php index 30bb9bd8..bd737a90 100644 --- a/themes/danbooru2/view.theme.php +++ b/themes/danbooru2/view.theme.php @@ -71,10 +71,9 @@ class CustomViewPostTheme extends ViewPostTheme { //$h_pin = $this->build_pin($image); $h_search = " - + - ";
Username
IP Address