summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
Diffstat (limited to 'web')
-rw-r--r--web/lib/aurjson.class.php46
1 files changed, 37 insertions, 9 deletions
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 06247eb..5794ebc 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -18,9 +18,10 @@ include_once("aur.inc");
**/
class AurJSON {
private $dbh = false;
- private $exposed_methods = array('search','info');
- private $fields = array('ID','Name','Version','CategoryID','Description',
- 'LocationID', 'URL','URLPath','License','NumVotes','OutOfDate');
+ private $exposed_methods = array('search','info','msearch');
+ private $fields = array('Packages.ID','Name','Version','CategoryID',
+ 'Description', 'LocationID', 'URL','URLPath','License','NumVotes',
+ 'OutOfDate');
/**
* Handles post data, and routes the request.
@@ -95,10 +96,9 @@ class AurJSON {
$keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
$query = "SELECT " . implode(',', $this->fields) .
- " FROM Packages WHERE DummyPkg=0 AND ";
- $query .= sprintf("( Name LIKE '%%%s%%' OR Description LIKE '%%%s%%' )",
- $keyword_string, $keyword_string);
-
+ " FROM Packages WHERE DummyPkg=0 AND " .
+ " ( Name LIKE '%{$keyword_string}%' OR " .
+ " Description LIKE '%{$keyword_string}%' )";
$result = db_query($query, $this->dbh);
if ( $result && (mysql_num_rows($result) > 0) ) {
@@ -128,13 +128,13 @@ class AurJSON {
// just using sprintf to coerce the pqd to an int
// should handle sql injection issues, since sprintf will
// bork if not an int, or convert the string to a number 0
- $query_stub = sprintf("ID=%d",$pqdata);
+ $query_stub = "ID={$pqdata}";
}
else {
if(get_magic_quotes_gpc()) {
$pqdata = stripslashes($pqdata);
}
- $query_stub = sprintf("Name=\"%s\"",
+ $query_stub = printf("Name=\"%s\"",
mysql_real_escape_string($pqdata));
}
@@ -158,5 +158,33 @@ class AurJSON {
return $this->json_error('No result found');
}
}
+
+ /**
+ * Returns all the packages for a specific maintainer.
+ * @param $maintainer The name of the maintainer.
+ * @return mixed Returns an array of value data containing the package data
+ **/
+ private function msearch($maintainer) {
+ $maintainer = mysql_real_escape_string($maintainer, $this->dbh);
+ $fields = implode(',', $this->fields);
+
+ $query = "SELECT Users.Username as Maintainer, {$fields} " .
+ " FROM Packages, Users " .
+ " WHERE Packages.MaintainerUID = Users.ID AND " .
+ " Users.Username = '{$maintainer}'";
+ $result = db_query($query, $this->dbh);
+
+ if ( $result && (mysql_num_rows($result) > 0) ) {
+ $packages = array();
+ while ( $row = mysql_fetch_assoc($result) ) {
+ array_push($packages, $row);
+ }
+ mysql_free_result($result);
+ return $this->json_results('msearch', $packages);
+ }
+ else {
+ return $this->json_error('No results found');
+ }
+ }
}