Added support to search for full phrases instead of words only

- Added function to automatically remove MagicQuotes
2025-09-25 18:59:12 +02:00 · 2011-09-21 13:30:27 +02:00 · 2011-09-21 13:30:27 +02:00 · 5dea27098a
commit 5dea27098a
parent 8fa9d2b70e
5 changed files with 52 additions and 8 deletions
--- a/6
+++ b/6
@ -13,6 +13,12 @@ Version 3.2.2 (stable), ????-??-??
 - Fixed error in parsing include/exclude filters for numeric fields 
  in report admin panel. Changes in the main filter parser were 
  also necessary to fix this issue.
+- Added function to automatically remove MagicQuotes (performed if 
+  the php "magic_quotes_gpc" is on). 
+- Added support to search for full phrases instead of words only. Kindly
+  use Quotes to mark the start and end of a phrase, for example: 
+  "Search for this"	// Searches for full phrase
+  -"Search for this"	// Excludes full phrase
 ---------------------------------------------------------------------------
 Version 3.2.1 (stable), 2011-04-12
 - Fixed timezone parsing in GetEventTime function. This caused problems 
--- a/src/classes/logstream.class.php
+++ b/src/classes/logstream.class.php
@ -278,6 +278,7 @@ abstract class LogStream {

 		// Parse Filters from string 
 		$this->ParseFilters($finalfilters);
+
 		return SUCCESS;	
 	}
 
@ -598,7 +599,10 @@ abstract class LogStream {

 		if ( isset($szFilters) && strlen($szFilters) > 0 )
 		{
-			$tmpEntries = explode(" ", $szFilters);
+//OLD			$tmpEntries = explode(" ", $szFilters);
+			// Use RegEx for intelligent splitting
+			$szFilterRgx = '/[,\s]++(?=(?:(?:[^"]*+"){2})*+[^"]*+$)(?=(?:(?:[^\']*+\'){2})*+[^\']*+$)(?=(?:[^()]*+\([^()]*+\))*+[^()]*+$)/x';
+			$tmpEntries = preg_split($szFilterRgx, $szFilters, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
 			foreach($tmpEntries as $myEntry) 
 			{
 				// Continue if empty filter!
@ -630,7 +634,7 @@ abstract class LogStream {
 							$tmpValues[] = array( FILTER_TMP_MODE => $this->SetFilterIncludeMode($myValueEntry), FILTER_TMP_VALUE => $myValueEntry );
 						}
 					}
-					
+
 					// Handle filter based
 					switch( $tmpArray[FILTER_TMP_KEY] )
 					{
@ -1047,9 +1051,13 @@ abstract class LogStream {
 					
 					// Replace "\:" with ":", so we can filter with it ^^
 					if ( strpos($myEntry, ":") !== false ) 
-						$this->_filters[SYSLOG_MESSAGE][$iNum][FILTER_VALUE] = str_replace("\\:", ":", $myEntry);
-					else
-						$this->_filters[SYSLOG_MESSAGE][$iNum][FILTER_VALUE] = $myEntry;
+						$myEntry = str_replace("\\:", ":", $myEntry);
+
+					// Check for Begin and Ending Quotes and remove them from the search value!
+					$myEntry = preg_replace('/\\\\\\"/i', "$1", $myEntry);
+
+					// Assign value to filter array
+					$this->_filters[SYSLOG_MESSAGE][$iNum][FILTER_VALUE] = $myEntry; 
 				}
 			}
 		}
--- a/src/include/functions_common.php
+++ b/src/include/functions_common.php
@ -196,6 +196,10 @@ function InitPhpLogCon()
 	InitPhpDebugMode();
 	// --- 

+	// --- Check and Remove Magic Quotes!
+	RemoveMagicQuotes(); 
+	// ---
+
 	// Finally defined PHPLOGCON_INITIALIZED!
 	define( 'PHPLOGCON_INITIALIZED', TRUE );
 }
@ -577,6 +581,28 @@ function CheckAndSetRunMode()
 	// --- 
 }

+/*
+*	This helper function removes all magic quotes from input Parameters!
+*/
+function RemoveMagicQuotes()
+{
+	if (get_magic_quotes_gpc()) {
+		$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
+		while (list($key, $val) = each($process)) {
+			foreach ($val as $k => $v) {
+				unset($process[$key][$k]);
+				if (is_array($v)) {
+					$process[$key][stripslashes($k)] = $v;
+					$process[] = &$process[$key][stripslashes($k)];
+				} else {
+					$process[$key][stripslashes($k)] = stripslashes($v);
+				}
+			}
+		}
+		unset($process);
+	}
+}
+
 function InitRuntimeInformations()
 {
 	global $gl_root_path, $content;
@ -1483,7 +1509,7 @@ function ReverseResolveIP( $szIP, $prepend, $append )
 	{
 		// Resolve name if needed
 		if ( !isset($_SESSION['dns_cache'][$szIP]) ) 
-			$_SESSION['dns_cache'][$szIP] = gethostbyaddr($szIP);
+			$_SESSION['dns_cache'][$szIP] = @gethostbyaddr($szIP); // Suppress error messages by gethostbyaddr
 		
 		// Abort if IP and RESOLVED name are the same ^^!
 		if ( $_SESSION['dns_cache'][$szIP] == $szIP || strlen($_SESSION['dns_cache'][$szIP]) <= 0 )
--- a/src/index.php
+++ b/src/index.php
@ -112,6 +112,7 @@ $content['main_pager_last_found'] = false;
 // Init Sorting variables
 $content['sorting'] = "";
 $content['searchstr'] = "";
+$content['searchstr_htmlform'] = "";
 $content['highlightstr'] = "";
 $content['EXPAND_HIGHLIGHT'] = "false";

@ -139,7 +140,10 @@ if ( (isset($_POST['search']) || isset($_GET['search'])) || (isset($_POST['filte
 	{
 		// Message is just appended
 		if ( isset($myfilter) && strlen($myfilter) > 0 )
+		{
 			$content['searchstr'] = $myfilter;
+			$content['searchstr_htmlform'] = htmlspecialchars($myfilter);
+		}
 	}

 	if ( strlen($content['highlightstr']) > 0 ) 
--- a/src/templates/index.html
+++ b/src/templates/index.html
@ -34,7 +34,7 @@
 <!-- ENDIF EnablePredefinedSearches="true" -->
 	<td align="center" nowrap valign="top">
 	<td nowrap align="center" nowrap valign="top">
-		<input maxlength="2048" name="filter" size="80" title="Search" value="{searchstr}" class="SearchFormTextbox">
+		<input maxlength="2048" name="filter" size="80" title="Search" value="{searchstr_htmlform}" class="SearchFormTextbox">
 		<br>
 <!-- IF enabledoraclesearchstr="true" -->
 	<a href="{oraclesearchlink}" target="_top">
@ -108,7 +108,7 @@
 				<td align="right">
 					<input type="hidden" name="op" value="export">
 					<input type="hidden" name="uid" value="{uid_original}">
-					<input type="hidden" name="filter" value="{searchstr}">
+					<input type="hidden" name="filter" value="{searchstr_htmlform}">
 					<!-- IF skipone="true" -->
 					<input type="hidden" name="skipone" value="true">
 					<!-- ENDIF skipone="true" -->