use POST when building search results, see #1026

Shish 2024-02-09 10:50:07 +00:00
parent 443ba12002
commit c44822ec47
17 changed files with 22 additions and 32 deletions


@ -772,9 +772,7 @@ function make_form(string $target, string $method = "POST", bool $multipart = fa
{ {
global $user; global $user;
if ($method == "GET") { if ($method == "GET") {
$link = html_escape($target); die("make_form: GET method is not supported");
$target = make_link($target);
$extra_inputs = "<input type='hidden' name='q' value='$link'>";
} else { } else {
$extra_inputs = $user->get_auth_html(); $extra_inputs = $user->get_auth_html();
} }
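Review bot: The guard `if ($method == "GET")` is case-sensitive, so a caller passing `'get'` skips the `die()` and reaches the else branch, which emits `$user->get_auth_html()`. If the rest of make_form (outside this hunk) writes `$method` into the form tag unchanged, the auth token would then travel in the query string and end up in server logs and Referer headers. Normalising the value and rejecting anything that is not POST closes that gap: `if (strtoupper($method) !== "POST") { throw new InvalidArgumentException("make_form: only POST is supported"); }`. Throwing instead of calling `die()` also lets the normal error page and logging run.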


@ -25,7 +25,7 @@ class AutoTaggerTheme extends Themelet
"; ";
$bulk_html = " $bulk_html = "
".make_form(make_link("auto_tag/import"), 'post', true)." ".make_form(make_link("auto_tag/import"), 'POST', true)."
<input type='file' name='auto_tag_file'> <input type='file' name='auto_tag_file'>
<input type='submit' value='Upload List'> <input type='submit' value='Upload List'>
</form> </form>


@ -101,7 +101,7 @@ class CommentListTheme extends Themelet
$html = ' $html = '
Delete comments by IP. Delete comments by IP.
<br><br>'.make_form(make_link("comment/bulk_delete"), 'POST')." <br><br>'.make_form(make_link("comment/bulk_delete"))."
<table class='form'> <table class='form'>
<tr><th>IP&nbsp;Address</th> <td><input type='text' name='ip' size='15'></td></tr> <tr><th>IP&nbsp;Address</th> <td><input type='text' name='ip' size='15'></td></tr>
<tr><td colspan='2'><input type='submit' value='Delete'></td></tr> <tr><td colspan='2'><input type='submit' value='Delete'></td></tr>


@ -37,9 +37,8 @@ EOD
$contact_link = empty($contact_link) ? "" : "<br><a href='$contact_link'>Contact</a> &ndash;"; $contact_link = empty($contact_link) ? "" : "<br><a href='$contact_link'>Contact</a> &ndash;";
$search_html = " $search_html = "
<div class='space' id='search'> <div class='space' id='search'>
<form action='".search_link()."' method='GET'> <form action='".search_link()."' method='POST'>
<input name='search' size='30' type='search' value='' class='autocomplete_tags' autofocus='autofocus' /> <input name='search' size='30' type='search' value='' class='autocomplete_tags' autofocus='autofocus' />
<input type='hidden' name='q' value='/post/list'>
<input type='submit' value='Search'/> <input type='submit' value='Search'/>
</form> </form>
</div> </div>


@ -28,9 +28,9 @@ class Index extends Extension
{ {
global $cache, $config, $page, $user; global $cache, $config, $page, $user;
if ($event->page_matches("post/list")) { if ($event->page_matches("post/list")) {
if (isset($_GET['search'])) { if (isset($_POST['search'])) {
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(search_link(Tag::explode($_GET['search'], false))); $page->set_redirect(search_link(Tag::explode($_POST['search'], false)));
return; return;
} }
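Review bot: `isset($_POST['search'])` is also true when the client sends `search[]=…`, so an array can reach `Tag::explode()`. If that parameter is typed as a string, the request ends in an uncaught TypeError instead of a clean redirect. A type check in the condition avoids this: `if (is_string($_POST['search'] ?? null)) {`. The same pattern appears in the `pool/list` and `random` handlers changed by this commit, where the value is passed to `url_escape()` and `Tag::explode()`. The handler's body continues outside the hunk.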


@ -89,9 +89,8 @@ and of course start organising your images :-)
$h_search_string = html_escape(Tag::implode($search_terms)); $h_search_string = html_escape(Tag::implode($search_terms));
$h_search_link = search_link(); $h_search_link = search_link();
$h_search = " $h_search = "
<p><form action='$h_search_link' method='GET'> <p><form action='$h_search_link' method='POST'>
<input type='search' name='search' value='$h_search_string' placeholder='Search' class='autocomplete_tags' /> <input type='search' name='search' value='$h_search_string' placeholder='Search' class='autocomplete_tags' />
<input type='hidden' name='q' value='/post/list'>
<input type='submit' value='Find' style='display: none;' /> <input type='submit' value='Find' style='display: none;' />
</form> </form>
"; ";


@ -236,9 +236,9 @@ class Pools extends Extension
{ {
global $config, $database, $page, $user; global $config, $database, $page, $user;
if ($event->page_matches("pool/list")) { //index if ($event->page_matches("pool/list")) { //index
if (isset($_GET['search']) and $_GET['search'] != null) { if (isset($_POST['search']) and $_POST['search'] != null) {
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link('pool/list').'/'.$_GET['search'].'/'.strval($event->try_page_num(1))); $page->set_redirect(make_link('pool/list').'/'.url_escape($_POST['search']).'/'.strval($event->try_page_num(1)));
return; return;
} }
if (count($event->args) >= 4) { // Assume first 2 args are search and page num if (count($event->args) >= 4) { // Assume first 2 args are search and page num


@ -133,10 +133,9 @@ class PoolsTheme extends Themelet
SHM_A("pool/updated", "Pool Changes") SHM_A("pool/updated", "Pool Changes")
); );
$search = "<form action='".make_link('pool/list')."' method='GET'> $search = "<form action='".make_link('pool/list')."' method='POST'>
<input name='search' type='text' style='width:75%'> <input name='search' type='text' style='width:75%'>
<input type='submit' value='Go' style='width:20%'> <input type='submit' value='Go' style='width:20%'>
<input type='hidden' name='q' value='pool/list'>
</form>"; </form>";
$page->add_block(new NavBlock()); $page->add_block(new NavBlock());


@ -14,15 +14,15 @@ class RandomList extends Extension
global $config, $page; global $config, $page;
if ($event->page_matches("random")) { if ($event->page_matches("random")) {
if (isset($_GET['search'])) { if (isset($_POST['search'])) {
// implode(explode()) to resolve aliases and sanitise // implode(explode()) to resolve aliases and sanitise
$search = url_escape(Tag::implode(Tag::explode($_GET['search'], false))); $search = url_escape(Tag::implode(Tag::explode($_POST['search'], false)));
if (empty($search)) { if (empty($search)) {
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("random")); $page->set_redirect(make_link("random"));
} else { } else {
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link('random/'.$search)); $page->set_redirect(make_link('random/'.url_escape($search)));
} }
return; return;
} }
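Review bot: `$search` is already passed through `url_escape()` when it is assigned, and the new redirect line escapes it again with `make_link('random/'.url_escape($search))`. Unless `url_escape()` is idempotent, a tag containing a reserved character would be double-encoded and the redirected search would not match. Escape once: either keep `$page->set_redirect(make_link('random/'.$search));`, or drop `url_escape()` from the assignment so that `empty($search)` tests the unescaped value. The enclosing method starts and ends outside the hunk.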


@ -53,7 +53,6 @@ class RandomListTheme extends Themelet
$h_search = " $h_search = "
<p><form action='$h_search_link' method='GET'> <p><form action='$h_search_link' method='GET'>
<input type='search' name='search' value='$h_search_string' placeholder='Search random list' class='autocomplete_tags' /> <input type='search' name='search' value='$h_search_string' placeholder='Search random list' class='autocomplete_tags' />
<input type='hidden' name='q' value='/random'>
<input type='submit' value='Find' style='display: none;' /> <input type='submit' value='Find' style='display: none;' />
</form> </form>
"; ";
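Review bot: The form on the new side still has `method='GET'`, but this commit removes its hidden `q` input and changes the `random` handler to read `$_POST['search']`. A search submitted from this form therefore no longer appears to reach that branch. Switching the tag to `<p><form action='$h_search_link' method='POST'>` would match the other search forms in the commit. The enclosing method is not visible in the hunk.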


@ -26,7 +26,7 @@ class ResizeImageTheme extends Themelet
} }
$html = rawHTML(" $html = rawHTML("
".make_form(make_link("resize/{$image->id}"), 'POST')." ".make_form(make_link("resize/{$image->id}"))."
<input type='hidden' name='image_id' value='{$image->id}'> <input type='hidden' name='image_id' value='{$image->id}'>
<input id='original_width' name='original_width' type='hidden' value='{$image->width}'> <input id='original_width' name='original_width' type='hidden' value='{$image->width}'>
<input id='original_height' name='original_height' type='hidden' value='{$image->height}'> <input id='original_height' name='original_height' type='hidden' value='{$image->height}'>


@ -66,7 +66,7 @@ class SourceHistoryTheme extends Themelet
Revert source changes by a specific IP address or username, optionally limited to recent changes. Revert source changes by a specific IP address or username, optionally limited to recent changes.
'.$validation_msg.' '.$validation_msg.'
<br><br>'.make_form(make_link("source_history/bulk_revert"), 'POST')." <br><br>'.make_form(make_link("source_history/bulk_revert"))."
<table class='form'> <table class='form'>
<tr><th>Username</th> <td><input type='text' name='revert_name' size='15'></td></tr> <tr><th>Username</th> <td><input type='text' name='revert_name' size='15'></td></tr>
<tr><th>IP&nbsp;Address</th> <td><input type='text' name='revert_ip' size='15'></td></tr> <tr><th>IP&nbsp;Address</th> <td><input type='text' name='revert_ip' size='15'></td></tr>


@ -32,7 +32,7 @@ class TagEditTheme extends Themelet
public function mss_html(string $terms): string public function mss_html(string $terms): string
{ {
$h_terms = html_escape($terms); $h_terms = html_escape($terms);
$html = make_form(make_link("tag_edit/mass_source_set"), "POST") . " $html = make_form(make_link("tag_edit/mass_source_set")) . "
<input type='hidden' name='tags' value='$h_terms'> <input type='hidden' name='tags' value='$h_terms'>
<input type='text' name='source' value=''> <input type='text' name='source' value=''>
<input type='submit' value='Set Source For All' onclick='return confirm(\"This will mass-edit all sources on the page.\\nAre you sure you want to do this?\")'> <input type='submit' value='Set Source For All' onclick='return confirm(\"This will mass-edit all sources on the page.\\nAre you sure you want to do this?\")'>


@ -98,8 +98,7 @@ class ViewPostTheme extends Themelet
{ {
$h_pin = $this->build_pin($image); $h_pin = $this->build_pin($image);
$h_search = " $h_search = "
<p><form action='".make_link()."' method='GET'> <p><form action='".search_link()."' method='POST'>
<input type='hidden' name='q' value='/post/list'>
<input type='search' name='search' placeholder='Search' class='autocomplete_tags'> <input type='search' name='search' placeholder='Search' class='autocomplete_tags'>
<input type='submit' value='Find' style='display: none;'> <input type='submit' value='Find' style='display: none;'>
</form> </form>


@ -47,11 +47,10 @@ class CustomIndexTheme extends IndexTheme
protected function build_navigation(int $page_number, int $total_pages, array $search_terms): string protected function build_navigation(int $page_number, int $total_pages, array $search_terms): string
{ {
$h_search_string = count($search_terms) == 0 ? "" : html_escape(implode(" ", $search_terms)); $h_search_string = count($search_terms) == 0 ? "" : html_escape(implode(" ", $search_terms));
$h_search_link = make_link(); $h_search_link = search_link();
return " return "
<p><form action='$h_search_link' method='GET'> <p><form action='$h_search_link' method='POST'>
<input name='search' type='text' value='$h_search_string' class='autocomplete_tags' placeholder='Search' /> <input name='search' type='text' value='$h_search_string' class='autocomplete_tags' placeholder='Search' />
<input type='hidden' name='q' value='/post/list'>
<input type='submit' value='Find' style='display: none;' /> <input type='submit' value='Find' style='display: none;' />
</form> </form>
<div id='search_completions'></div>"; <div id='search_completions'></div>";


@ -31,12 +31,11 @@ class CustomIndexTheme extends IndexTheme
protected function build_navigation(int $page_number, int $total_pages, array $search_terms): string protected function build_navigation(int $page_number, int $total_pages, array $search_terms): string
{ {
$h_search_string = count($search_terms) == 0 ? "" : html_escape(implode(" ", $search_terms)); $h_search_string = count($search_terms) == 0 ? "" : html_escape(implode(" ", $search_terms));
$h_search_link = make_link(); $h_search_link = search_link();
return " return "
<p><form action='$h_search_link' method='GET'> <p><form action='$h_search_link' method='POST'>
<input name='search' type='text' value='$h_search_string' class='autocomplete_tags' placeholder='' style='width:75%'/> <input name='search' type='text' value='$h_search_string' class='autocomplete_tags' placeholder='' style='width:75%'/>
<input type='submit' value='Go' style='width:20%'> <input type='submit' value='Go' style='width:20%'>
<input type='hidden' name='q' value='/post/list'>
</form> </form>
<div id='search_completions'></div>"; <div id='search_completions'></div>";
} }


@ -71,10 +71,9 @@ class CustomViewPostTheme extends ViewPostTheme
{ {
//$h_pin = $this->build_pin($image); //$h_pin = $this->build_pin($image);
$h_search = " $h_search = "
<form action='".make_link()."' method='GET'> <form action='".search_link()."' method='POST'>
<input name='search' type='text' style='width:75%'> <input name='search' type='text' style='width:75%'>
<input type='submit' value='Go' style='width:20%'> <input type='submit' value='Go' style='width:20%'>
<input type='hidden' name='q' value='/post/list'>
</form> </form>
"; ";