From ef8fab0c12f567acac80c050f44db38111f00104 Mon Sep 17 00:00:00 2001
From: Dan McGee <dan@archlinux.org>
Date: Tue, 1 Mar 2011 11:56:33 -0600
Subject: Ensure all variables are set in package search form

Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/lib/pkgfuncs.inc | 34 +++++++++++++---------------------
 1 file changed, 13 insertions(+), 21 deletions(-)

(limited to 'web/lib/pkgfuncs.inc')

diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index ef8c20f..0fbe310 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -463,24 +463,23 @@ function pkg_search_page($SID="") {
 
 	// TODO: possibly do string matching on category
 	//       to make request variable values more sensible
-	if (intval($_GET["C"])) {
+	if (isset($_GET["C"]) && intval($_GET["C"])) {
 		$q.= "AND Packages.CategoryID = ".intval($_GET["C"])." ";
 	}
 
-	if ($_GET['K']) {
+	if (isset($_GET['K'])) {
 		$_GET['K'] = mysql_real_escape_string(trim($_GET['K']));
+
 		# Search by maintainer
-		if ($_GET["SeB"] == "m") {
+		if (isset($_GET["SeB"]) && $_GET["SeB"] == "m") {
 			$q.= "AND Users.Username = '".$_GET['K']."' ";
 		}
 		# Search by submitter
-		elseif ($_GET["SeB"] == "s") {
-			// FIXME: this shouldn't be making 2 queries
-			//        kill the call to uid_from_username
+		elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "s") {
 			$q.= "AND SubmitterUID = ".uid_from_username($_GET['K'])." ";
 		# Search by name
 		}
-		elseif ($_GET["SeB"] == "n") {
+		elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "n") {
 			$q.= "AND (Name LIKE '%".$_GET['K']."%') ";
 		}
 		# Search by name and description (Default)
@@ -490,7 +489,7 @@ function pkg_search_page($SID="") {
 		}
 	}
 
-	if ($_GET["do_Orphans"]) {
+	if (isset($_GET["do_Orphans"]) && $_GET["do_Orphans"] == 'Orphans') {
 		$q.= "AND MaintainerUID IS NULL ";
 	}
 
@@ -503,37 +502,32 @@ function pkg_search_page($SID="") {
 		}
 	}
 
-	$order = $_GET["SO"] == 'd' ? 'DESC' : 'ASC';
+	$order = (isset($_GET["SO"]) && $_GET["SO"] == 'd') ? 'DESC' : 'ASC';
 
 	$q_sort = "ORDER BY Name ".$order.", CategoryID DESC ";
-	switch ($_GET["SB"]) {
+	$sort_by = isset($_GET["SB"]) ? $_GET["SB"] : '';
+	switch ($sort_by) {
 	case 'c':
 		$q_sort = "ORDER BY CategoryID ".$order.", Name ASC ";
-		$_GET["SB"] = 'c';
 		break;
 	case 'v':
 		$q_sort = "ORDER BY NumVotes ".$order.", Name ASC, CategoryID DESC ";
-		$_GET["SB"] = 'v';
 		break;
 	case 'w':
 		if ($SID) {
 			$q_sort = "ORDER BY Voted ".$order.", Name ASC, CategoryID DESC ";
 		}
-		$_GET["SB"] = 'w';
 		break;
 	case 'o':
 		if ($SID) {
 			$q_sort = "ORDER BY Notify ".$order.", Name ASC, CategoryID DESC ";
 		}
-		$_GET["SB"] = 'o';
 		break;
 	case 'm':
 		$q_sort = "ORDER BY Maintainer ".$order.", Name ASC ";
-		$_GET["SB"] = 'm';
 		break;
 	case 'a':
 		$q_sort = "ORDER BY GREATEST(SubmittedTS,ModifiedTS) ".$order.", Name ASC ";
-		$_GET["SB"] = 'a';
 		break;
 	default:
 		break;
@@ -547,13 +541,11 @@ function pkg_search_page($SID="") {
 	$total = mysql_result(db_query('SELECT FOUND_ROWS() AS Total', $dbh), 0);
 
 	if ($result && $total > 0) {
-		if ($_GET["SO"] == "d"){
-			$SO_next="a";
-			$_GET["SO"] = 'd';
+		if (isset($_GET["SO"]) && $_GET["SO"] == "d"){
+			$SO_next = "a";
 		}
 		else {
-			$SO_next="d";
-			$_GET["SO"] = 'a';
+			$SO_next = "d";
 		}
 	}
 
-- 
cgit v1.2.3-54-g00ecf