taskfreak.com
Author Topic: Quick 'n' Dirty Search Plugin  (Read 13341 times)
Searcher
« Reply #15 on: May 22, 2007, 05:34:18 PM »

Then you didn't do it right, because it skips all filters, e.g. running a search is like displaying completely everything

Try to delete all the code between
Code:
$arrFilters = array();
and
Code:
// --- Task order ---------------------------------------------------------
inclusive. So all you have left is

Code:
$objItemList = new ItemStats();
$pSort = ($_REQUEST['sort'])?$_REQUEST['sort']:

alternatively, when you deleted that part, search for any occurrence of $objItemList->addWhere - there shouldn't be any left

sonvan
« Reply #16 on: May 23, 2007, 06:29:08 AM »

thanks that worked!

kahmad72
« Reply #17 on: June 15, 2007, 03:07:31 AM »

If I understood it right, the plugin searches for matches in "Title" and "Description" only. How can "Comments" be included?

Thanks

smith25
« Reply #18 on: April 25, 2008, 09:01:13 PM »

hi.

This is a beautiful search. But this also has a major SECURITY issue directly related to this.

try this.

make 4 or 5 users in your site.

Give 2 users (first 2) access to project A (Project A has list of 20 tasks).

Give 2 users (Second 2) access to Project B (Project B has list of 30 tasks)

Give 1 user no access (third) to any project A or B

Now according to security, First 2 cannot see tasks of project B, and Second 2 users cannot see tasks of Project A, and Third user cannot see any tasks.

Now when you have this Search installed..

Second users can just enter 1-20 in the search and let's say tasks 1-20 are part of Project A, which Second users should not have access to.. guess what.. Now if they enter any number between 1-20 in search, they will see the task.. no matter if they even are assigned to that project or not.

defect....
just wanted to let you know
thanks

Searcher
« Reply #19 on: April 28, 2008, 06:25:46 AM »

Well sure, this was apparent and said up front, the query doesn't check for user perms - that's why it should be accessible to admins only probably

smuutje
« Reply #20 on: October 20, 2008, 07:31:58 AM »

hello

Since I installed the search-plugin, I can't sort the columns anymore.
any idea why?

carl
« Reply #21 on: December 30, 2008, 05:47:44 PM »

If I understood it right, the plugin searches for matches in "Title" and "Description" only. How can "Comments" be included?

Just to get everything in one thread, the answer to this was posted by David here: http://forum.taskfreak.com/index.php?topic=911.0

geniium
« Reply #22 on: April 09, 2009, 08:35:13 AM »

hello,

is this working on 0.6.2 ?

and by the way, is the release 1.0 still in progress? Any news?

Thanks for any info.

carl
« Reply #23 on: April 09, 2009, 05:43:21 PM »

is this working on 0.6.2 ?
and by the way, is the release 1.0 still in progress? Any news?

I'm using it with 0.6.2 and it seems to work fine.  I doubt anyone is currently working on any updates to this.

crabbesupos
« Reply #24 on: November 10, 2009, 09:33:45 PM »

I have TaskFreak! multi user v0.6.2 installed. Columns are not sortable after Quick 'n' Dirty Search Plugin is installed.

The problem seems to lie at this line (index.php)

$objItemList->addWhere($sqlFilter);

below if ($pSearch) {
$sqlFilter = '(ii.title LIKE \'%'.$pSearch.'%\' OR ii.description LIKE \'%'.$pSearch.'%\')';
}

The idea would be to disable that line with an if statement when sorting commands are made.
(Enable the line only when search string is sent from search box.)

I couldn't figure this yet.


bchristie
« Reply #25 on: December 03, 2009, 03:47:17 PM »

Just as a heads-up, I would recommend the following:

Code:
$pSearch = isset($_REQUEST['search'])?mysql_real_escape_string($_REQUEST['search']):false;
if ($pSearch) {
  $objItemList->addWhere("(ii.title LIKE '%".$pSearch."%' OR ii.description LIKE '%".$pSearch."%')");
}

Removes the sql injection...

kilolife
« Reply #26 on: March 09, 2010, 08:41:15 AM »

ugly hack for search in comments too:
Code:
$sqlFilter = '(ii.title LIKE \'%'.$pSearch.'%\' OR ii.description LIKE \'%'.$pSearch.'%\' OR ii.itemId IN (select itemId from frk_itemComment where body LIKE \'%'.$pSearch.'%\') )';
« Last Edit: March 09, 2010, 09:00:11 AM by kilolife » Logged
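
Added example, not part of the thread and not TaskFreak's own code: the two issues raised above (the search ignoring project permissions in reply #18, and the SQL injection in reply #25) handled in one query with bound parameters and a membership join. The `item` and `member_project` tables, the `projectId` and `memberId` columns, and the `searchItems` function are hypothetical, and PDO with an in-memory SQLite database stands in for TaskFreak's database layer.

```php
<?php
// Added example. Schema and data are constructed for the demo; only the
// ii alias and the title/description/itemId columns come from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach ([
    "CREATE TABLE item (itemId INTEGER PRIMARY KEY, projectId INTEGER, title TEXT, description TEXT)",
    "CREATE TABLE member_project (memberId INTEGER, projectId INTEGER)",
    "INSERT INTO item VALUES (1, 1, 'Fix login page', 'Project A task')",
    "INSERT INTO item VALUES (2, 2, 'Fix 100% CPU bug', 'Project B task')",
    "INSERT INTO member_project VALUES (10, 1)",
    "INSERT INTO member_project VALUES (20, 2)",
] as $ddl) {
    $db->exec($ddl);
}

function searchItems(PDO $db, int $memberId, string $search): array
{
    // Escape LIKE wildcards with '!' so a typed '%' or '_' matches literally.
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $search) . '%';

    // The search term is bound, never concatenated, and the join limits
    // results to projects the requesting member belongs to.
    $sql = "SELECT ii.itemId, ii.title
              FROM item ii
              JOIN member_project mp ON mp.projectId = ii.projectId
             WHERE mp.memberId = :member
               AND (ii.title LIKE :q1 ESCAPE '!'
                    OR ii.description LIKE :q2 ESCAPE '!')
             ORDER BY ii.itemId";
    $stmt = $db->prepare($sql);
    $stmt->execute([':member' => $memberId, ':q1' => $like, ':q2' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Member 10 is in project 1 only, member 20 in project 2 only.
var_dump(searchItems($db, 10, 'Fix'));          // term occurs in both projects
var_dump(searchItems($db, 20, '100%'));         // '%' typed by the user
var_dump(searchItems($db, 10, "' OR '1'='1"));  // quotes arrive as bound data
```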