From 325347a268af8c2587916b5e4f359ffedc758b89 Mon Sep 17 00:00:00 2001
From: elij <elij.mx@gmail.com>
Date: Sun, 27 Sep 2009 20:59:56 -0700
Subject: Add maintainer search to json interface. Closes FS#15947

Fix for maintainer search ticket: FS#15947
Also http://mailman.archlinux.org/pipermail/aur-dev/2009-September/000892.html

Fixed some problems with selecting the proper data fields in the
original patch. - Loui

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
---
 web/lib/aurjson.class.php | 46 +++++++++++++++++++++++++++++++++++++---------
 1 file changed, 37 insertions(+), 9 deletions(-)

(limited to 'web/lib/aurjson.class.php')

diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 06247eb..5794ebc 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -18,9 +18,10 @@ include_once("aur.inc");
  **/
 class AurJSON {
     private $dbh = false;
-    private $exposed_methods = array('search','info');
-    private $fields = array('ID','Name','Version','CategoryID','Description',
-        'LocationID', 'URL','URLPath','License','NumVotes','OutOfDate');
+    private $exposed_methods = array('search','info','msearch');
+    private $fields = array('Packages.ID','Name','Version','CategoryID',
+	'Description', 'LocationID', 'URL','URLPath','License','NumVotes',
+	'OutOfDate');
 
     /**
      * Handles post data, and routes the request.
@@ -95,10 +96,9 @@ class AurJSON {
         $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
 
         $query = "SELECT " . implode(',', $this->fields) .
-            " FROM Packages WHERE DummyPkg=0 AND ";
-        $query .= sprintf("( Name LIKE '%%%s%%' OR Description LIKE '%%%s%%' )",
-                $keyword_string, $keyword_string);
-
+            " FROM Packages WHERE DummyPkg=0 AND " .
+            "  ( Name LIKE '%{$keyword_string}%' OR " .
+            "    Description LIKE '%{$keyword_string}%' )";
         $result = db_query($query, $this->dbh);
 
         if ( $result && (mysql_num_rows($result) > 0) ) {
@@ -128,13 +128,13 @@ class AurJSON {
             // just using sprintf to coerce the pqd to an int
             // should handle sql injection issues, since sprintf will
             // bork if not an int, or convert the string to a number 0
-            $query_stub = sprintf("ID=%d",$pqdata);
+            $query_stub = "ID={$pqdata}";
         }
         else {
             if(get_magic_quotes_gpc()) {
                 $pqdata = stripslashes($pqdata);
             }
-            $query_stub = sprintf("Name=\"%s\"",
+            $query_stub = printf("Name=\"%s\"",
                 mysql_real_escape_string($pqdata));
         }
 
@@ -158,5 +158,33 @@ class AurJSON {
             return $this->json_error('No result found');
         }
     }
+
+    /**
+     * Returns all the packages for a specific maintainer.
+     * @param $maintainer The name of the maintainer.
+     * @return mixed Returns an array of value data containing the package data
+     **/
+    private function msearch($maintainer) {
+        $maintainer = mysql_real_escape_string($maintainer, $this->dbh);
+        $fields = implode(',', $this->fields);
+
+        $query = "SELECT Users.Username as Maintainer, {$fields} " .
+            " FROM Packages, Users " .
+            "        WHERE Packages.MaintainerUID = Users.ID AND " .
+            "              Users.Username = '{$maintainer}'";
+        $result = db_query($query, $this->dbh);
+
+        if ( $result && (mysql_num_rows($result) > 0) ) {
+            $packages = array();
+            while ( $row = mysql_fetch_assoc($result) ) {
+                array_push($packages, $row);
+            }
+            mysql_free_result($result);
+            return $this->json_results('msearch', $packages);
+        }
+        else {
+            return $this->json_error('No results found');
+        }
+    }
 }
 
-- 
cgit v1.2.3-54-g00ecf