Improve api_search()

Use dba::p() instead of q()
Move exception to the beginning
Remove useless GROUP BY
Remove useless protect_sprintf()
Pierre Rudloff 2017-12-18 13:35:36 +01:00
parent 4a5d988d8c
commit ee8468affe


@ -1500,7 +1500,10 @@ function api_search($type)
{ {
$data = array(); $data = array();
if (x($_REQUEST, 'q')) { if (!x($_REQUEST, 'q')) {
throw new BadRequestException("q parameter is required.");
}
if (x($_REQUEST, 'rpp')) { if (x($_REQUEST, 'rpp')) {
$count = $_REQUEST['rpp']; $count = $_REQUEST['rpp'];
} elseif (x($_REQUEST, 'count')) { } elseif (x($_REQUEST, 'count')) {
@ -1519,30 +1522,26 @@ function api_search($type)
$sql_extra .= ' AND `item`.`id` <= ' . intval($max_id); $sql_extra .= ' AND `item`.`id` <= ' . intval($max_id);
} }
$r = q( $r = dba::p(
"SELECT %s "SELECT ".item_fieldlists()."
FROM `item` %s FROM `item` ".item_joins()."
WHERE %s AND (`item`.`uid` = 0 OR (`item`.`uid` = %s AND NOT `item`.`global`)) WHERE ".item_condition()." AND (`item`.`uid` = 0 OR (`item`.`uid` = ? AND NOT `item`.`global`))
AND `item`.`body` REGEXP '%s' AND `item`.`body` REGEXP ?
$sql_extra $sql_extra
AND `item`.`id`>%d AND `item`.`id`>?
GROUP BY `item`.`uri`, `item`.`id` ORDER BY `item`.`id` DESC LIMIT ".intval($start)." ,".intval($count)." ",
ORDER BY `item`.`id` DESC LIMIT %d ,%d ", intval(api_user()),
item_fieldlists(), $_REQUEST['q'],
item_joins(), intval($since_id)
item_condition(),
intval(local_user()),
dbesc(protect_sprintf(preg_quote($_REQUEST['q']))),
intval($since_id),
intval($start),
intval($count)
); );
$data['status'] = api_format_items($r, api_get_user(get_app())); $statuses = array();
} else { while ($row = dba::fetch($r)) {
throw new BadRequestException("q parameter is required."); $statuses[] = $row;
} }
$data['status'] = api_format_items($statuses, api_get_user(get_app()));
return api_format_data("statuses", $type, $data); return api_format_data("statuses", $type, $data);
} }
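Review bot: The value bound to `item`.`body` REGEXP ? in the new `dba::p()` call is the raw `$_REQUEST['q']`, whereas the removed `q()` call passed it through `preg_quote()` first, so the search term is now interpreted by the database as a regular expression rather than as literal text. The commit message only mentions dropping `protect_sprintf()`, so this looks unintended: a malformed pattern will presumably make the query fail, and a costly pattern is evaluated against every candidate row. I would keep the quoting and bind `preg_quote($_REQUEST['q']),` in place of `$_REQUEST['q'],`, or switch to a `LIKE` match with escaped wildcards if a literal search is the goal. The uid bind also changed from `local_user()` to `api_user()` without a mention in the description; if that is intentional it deserves a line there.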