libxml2/doc/search.php
Daniel Veillard 73b2d73df8 Avoid XSS on the search of xmlsoft.org
The query string needs to be escaped before being displayed back
2015-07-03 20:58:33 +08:00


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<link rel="SHORTCUT ICON" href="/favicon.ico">
<style type="text/css"><!--
TD {font-family: Verdana,Arial,Helvetica}
BODY {font-family: Verdana,Arial,Helvetica; margin-top: 2em; margin-left: 0em; margin-right: 0em}
H1 {font-family: Verdana,Arial,Helvetica}
H2 {font-family: Verdana,Arial,Helvetica}
H3 {font-family: Verdana,Arial,Helvetica}
A:link, A:visited, A:active { text-decoration: underline }
--></style>
<title>Search the documentation on XMLSoft.org</title>
</head>
<body bgcolor="#8b7765" text="#000000" link="#000000" vlink="#000000">
<table border="0" width="100%" cellpadding="5" cellspacing="0" align="center"><tr>
<td width="180">
<a href="http://www.gnome.org/"><img src="gnome2.png" alt="Gnome2 Logo"></a><a href="http://www.w3.org/Status"><img src="w3c.png" alt="W3C Logo"></a><a href="http://www.redhat.com/"><img src="redhat.gif" alt="Red Hat Logo"></a><div align="left"><a href="http://xmlsoft.org/"><img src="Libxml2-Logo-180x168.gif" alt="Made with Libxml2 Logo"></a></div>
</td>
<td><table border="0" width="90%" cellpadding="2" cellspacing="0" align="center" bgcolor="#000000"><tr><td><table width="100%" border="0" cellspacing="1" cellpadding="3" bgcolor="#fffacd"><tr><td align="center">
<h1>The XML C library for Gnome</h1>
<h2>Search engine</h2>
</td></tr></table></td></tr></table></td>
</tr></table>
<table border="0" cellpadding="4" cellspacing="0" width="100%" align="center"><tr><td bgcolor="#8b7765"><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr>
<td valign="top" width="200" bgcolor="#8b7765"><table border="0" cellspacing="0" cellpadding="1" width="100%" bgcolor="#000000"><tr><td>
<table width="100%" border="0" cellspacing="1" cellpadding="3">
<tr><td colspan="1" bgcolor="#eecfa1" align="center"><center><b>Main Menu</b></center></td></tr>
<tr><td bgcolor="#fffacd"><ul>
<li><a href="index.html">Home</a></li>
<li><a href="intro.html">Introduction</a></li>
<li><a href="FAQ.html">FAQ</a></li>
<li><a href="docs.html">Documentation</a></li>
<li><a href="bugs.html">Reporting bugs and getting help</a></li>
<li><a href="help.html">How to help</a></li>
<li><a href="downloads.html">Downloads</a></li>
<li><a href="news.html">News</a></li>
<li><a href="XMLinfo.html">XML</a></li>
<li><a href="XSLT.html">XSLT</a></li>
<li><a href="python.html">Python and bindings</a></li>
<li><a href="architecture.html">libxml architecture</a></li>
<li><a href="tree.html">The tree output</a></li>
<li><a href="interface.html">The SAX interface</a></li>
<li><a href="xmldtd.html">Validation &amp; DTDs</a></li>
<li><a href="xmlmem.html">Memory Management</a></li>
<li><a href="encoding.html">Encodings support</a></li>
<li><a href="xmlio.html">I/O Interfaces</a></li>
<li><a href="catalog.html">Catalog support</a></li>
<li><a href="library.html">The parser interfaces</a></li>
<li><a href="entities.html">Entities or no entities</a></li>
<li><a href="namespaces.html">Namespaces</a></li>
<li><a href="upgrade.html">Upgrading 1.x code</a></li>
<li><a href="threads.html">Thread safety</a></li>
<li><a href="DOM.html">DOM Principles</a></li>
<li><a href="example.html">A real example</a></li>
<li><a href="contribs.html">Contributions</a></li>
<li><a href="tutorial/index.html">Tutorial</a></li>
<li>
<a href="xml.html">flat page</a>, <a href="site.xsl">stylesheet</a>
</li>
</ul></td></tr>
</table>
<table width="100%" border="0" cellspacing="1" cellpadding="3">
<tr><td colspan="1" bgcolor="#eecfa1" align="center"><center><b>API Indexes</b></center></td></tr>
<tr><td bgcolor="#fffacd"><ul>
<li><a href="APIchunk0.html">Alphabetic</a></li>
<li><a href="APIconstructors.html">Constructors</a></li>
<li><a href="APIfunctions.html">Functions/Types</a></li>
<li><a href="APIfiles.html">Modules</a></li>
<li><a href="APIsymbols.html">Symbols</a></li>
</ul></td></tr>
</table>
<table width="100%" border="0" cellspacing="1" cellpadding="3">
<tr><td colspan="1" bgcolor="#eecfa1" align="center"><center><b>Related links</b></center></td></tr>
<tr><td bgcolor="#fffacd"><ul>
<li><a href="http://mail.gnome.org/archives/xml/">Mail archive</a></li>
<li><a href="http://xmlsoft.org/XSLT/">XSLT libxslt</a></li>
<li><a href="http://phd.cs.unibo.it/gdome2/">DOM gdome2</a></li>
<li><a href="http://www.aleksey.com/xmlsec/">XML-DSig xmlsec</a></li>
<li><a href="ftp://xmlsoft.org/">FTP</a></li>
<li><a href="http://ww.zlatkovic.com/projects/libxml/">Windows binaries</a></li>
<li><a href="http://garypennington.net/libxml2/">Solaris binaries</a></li>
<li><a href="http://www.zveno.com/open_source/libxml2xslt.html">MacOsX binaries</a></li>
<li><a href="http://sourceforge.net/projects/libxml2-pas/">Pascal bindings</a></li>
<li><a href="http://bugzilla.gnome.org/buglist.cgi?product=libxml&amp;product=libxml2">Bug Tracker</a></li>
</ul></td></tr>
</table>
</td></tr></table></td>
<td valign="top" bgcolor="#8b7765"><table border="0" cellspacing="0" cellpadding="1" width="100%"><tr><td><table border="0" cellspacing="0" cellpadding="1" width="100%" bgcolor="#000000"><tr><td><table border="0" cellpadding="3" cellspacing="1" width="100%"><tr><td bgcolor="#fffacd">
<?php
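// Read the two request parameters. Only $_GET is consulted: the long
// $HTTP_GET_VARS array the original also read is not populated on later PHP
// versions, which left $scope permanently at its default there.
// A parameter sent as an array (query[]=...) is treated as absent rather than
// being handed to ltrim().
$query = '';
if (isset($_GET['query']) && is_string($_GET['query'])) {
    // We handle only the first argument so far
    $query = ltrim($_GET['query']);
}
if (! $query) {
    echo "<h1 align='center'>Search the documentation on XMLSoft.org</h1>";
}

// A missing or blank scope means "search everything".
$scope = "any";
if (isset($_GET['scope']) && is_string($_GET['scope'])) {
    $requestedScope = ltrim($_GET['scope']);
    if ($requestedScope != "") {
        $scope = $requestedScope;
    }
}

// $querystr is the only form of the query that may be written into the page;
// the raw $query is kept for the database lookups further down.
// NOTE(review): the page's meta tag declares ISO-8859-1 while this call names
// UTF-8. htmlspecialchars() returns an empty string for input that is not
// valid in the named charset, so a query containing Latin-1 bytes is echoed
// back as empty (a safe failure, but confirm which charset the site serves).
$querystr = htmlspecialchars($query, ENT_QUOTES, 'UTF-8');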
?>
<p> The search service indexes the libxml2 and libxslt APIs and documentation as well as the xml@gnome.org and xslt@gnome.org mailing-list archives. To use it simply provide a set of keywords:
<p>
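<form action="<?php
    // PHP_SELF carries any extra path text the client appended after the
    // script name, so it is HTML-escaped before being written into the
    // attribute. It is read from $_SERVER rather than from a register_globals
    // variable, which is undefined when that setting is off.
    echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'), "?query=", rawurlencode($query) ?>"
enctype="application/x-www-form-urlencoded" method="GET">
<input name="query" type="TEXT" size="50" value="<?php echo $querystr?>">
<select name="scope">
<option value="any">Search All</option>
<option value="XML" <?php if ($scope == 'XML') print "selected"?>>XML resources</option>
<option value="XSLT" <?php if ($scope == 'XSLT') print "selected"?>>XSLT resources</option>
<option value="API" <?php if ($scope == 'API') print "selected"?>>Only the APIs</option>
<option value="XMLAPI" <?php if ($scope == 'XMLAPI') print "selected"?>>Only the XML API</option>
<option value="XSLTAPI" <?php if ($scope == 'XSLTAPI') print "selected"?>>Only the XSLT API</option>
<option value="DOCS" <?php if ($scope == 'DOCS') print "selected"?>>Only the Documentation</option>
<option value="XMLDOC" <?php if ($scope == 'XMLDOC') print "selected"?>>Only the XML Documentation</option>
<option value="XSLTDOC" <?php if ($scope == 'XSLTDOC') print "selected"?>>Only the XSLT Documentation</option>
<option value="LISTS" <?php if ($scope == 'LISTS') print "selected"?>>Only the lists archives</option>
<option value="XMLLIST" <?php if ($scope == 'XMLLIST') print "selected"?>>Only the XML list archive</option>
<option value="XSLTLIST" <?php if ($scope == 'XSLTLIST') print "selected"?>>Only the XSLT list archive</option>
</select>
<input name=submit type=submit value="Search ...">
</form>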
<?php
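// Record one search keyword in the Queries table: the first time a keyword is
// seen it is inserted with Count 1, afterwards its Count is incremented.
//
// $word is a piece of the request's query string, so it is passed through
// mysql_real_escape_string() before being placed inside the quoted SQL
// literals. That function works on the most recently opened MySQL link, so
// the connection has to be open before this is called.
// NOTE(review): if the server still runs with magic_quotes_gpc enabled the
// keyword arrives already backslash-escaped and is escaped a second time;
// the effect is a literal backslash in the logged value, not an injection.
function logQueryWord($word) {
    $safeWord = mysql_real_escape_string($word);
    $result = mysql_query ("SELECT ID,Count FROM Queries WHERE Value='$safeWord'");
    if ($result && mysql_num_rows($result) > 0) {
        // ID and Count are read back from the table; cast them so that only
        // integers can reach the UPDATE statement.
        $id = (int) mysql_result($result, 0, 0);
        $count = (int) mysql_result($result, 0, 1) + 1;
        mysql_free_result($result);
        mysql_query ("UPDATE Queries SET Count=$count WHERE ID=$id");
        return;
    }
    if ($result) {
        mysql_free_result($result);
    }
    // Either the keyword is new or the lookup itself failed: try to insert it.
    mysql_query ("INSERT INTO Queries (Value,Count) VALUES ('$safeWord',1)");
}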
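// Look up one keyword in the libxml2 API index (words joined to symbols),
// best matches first, at most 75 rows, and log the keyword.
//
// Returns array($result, $rows). When nothing matched, $rows is 0 and the
// result has already been freed, so callers may only read $result when
// $rows > 0. A falsy $word runs no query and yields array(NULL, 0).
//
// $word is derived from the request, so it is escaped with
// mysql_real_escape_string() before being interpolated into the quoted LIKE
// literal. % and _ are not touched and keep acting as LIKE wildcards.
function queryWord($word) {
    $result = NULL;
    $j = 0;
    if ($word) {
        $safeWord = mysql_real_escape_string($word);
        $result = mysql_query ("SELECT words.relevance, symbols.name, symbols.type, symbols.module, symbols.descr FROM words, symbols WHERE LCASE(words.name) LIKE LCASE('$safeWord') and words.symbol = symbols.name ORDER BY words.relevance DESC LIMIT 75");
        if ($result) {
            $j = mysql_num_rows($result);
            if ($j == 0)
                mysql_free_result($result);
        }
        // The logger receives the raw keyword; it builds its own statements.
        logQueryWord($word);
    }
    return array($result, $j);
}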
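// Look up one keyword in the libxml2 HTML documentation index (wordsHTML),
// best matches first, at most 75 rows, and log the keyword.
//
// Returns array($result, $rows). When nothing matched, $rows is 0 and the
// result has already been freed, so callers may only read $result when
// $rows > 0. A falsy $word runs no query and yields array(NULL, 0).
//
// $word is derived from the request, so it is escaped with
// mysql_real_escape_string() before being interpolated into the quoted LIKE
// literal. % and _ are not touched and keep acting as LIKE wildcards.
function queryHTMLWord($word) {
    $result = NULL;
    $j = 0;
    if ($word) {
        $safeWord = mysql_real_escape_string($word);
        $result = mysql_query ("SELECT relevance, name, id, resource, section FROM wordsHTML WHERE LCASE(name) LIKE LCASE('$safeWord') ORDER BY relevance DESC LIMIT 75");
        if ($result) {
            $j = mysql_num_rows($result);
            if ($j == 0)
                mysql_free_result($result);
        }
        // The logger receives the raw keyword; it builds its own statements.
        logQueryWord($word);
    }
    return array($result, $j);
}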
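// Look up one keyword in the xml mailing-list archive index (wordsArchive
// joined to archives), best matches first, at most 75 rows, and log the
// keyword. The third selected column is the constant 'xml-list'.
//
// Returns array($result, $rows). When nothing matched, $rows is 0 and the
// result has already been freed, so callers may only read $result when
// $rows > 0. A falsy $word runs no query and yields array(NULL, 0).
//
// $word is derived from the request, so it is escaped with
// mysql_real_escape_string() before being interpolated into the quoted LIKE
// literal. % and _ are not touched and keep acting as LIKE wildcards.
function queryArchiveWord($word) {
    $result = NULL;
    $j = 0;
    if ($word) {
        $safeWord = mysql_real_escape_string($word);
        $result = mysql_query ("SELECT wordsArchive.relevance, wordsArchive.name, 'xml-list', archives.resource, archives.title FROM wordsArchive, archives WHERE LCASE(wordsArchive.name) LIKE LCASE('$safeWord') and wordsArchive.ID = archives.ID ORDER BY relevance DESC LIMIT 75");
        if ($result) {
            $j = mysql_num_rows($result);
            if ($j == 0)
                mysql_free_result($result);
        }
        // The logger receives the raw keyword; it builds its own statements.
        logQueryWord($word);
    }
    return array($result, $j);
}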
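// Look up one keyword in the libxslt API index (XSLTwords joined to
// XSLTsymbols), best matches first, at most 75 rows, and log the keyword.
//
// Returns array($result, $rows). When nothing matched, $rows is 0 and the
// result has already been freed, so callers may only read $result when
// $rows > 0. A falsy $word runs no query and yields array(NULL, 0).
//
// $word is derived from the request, so it is escaped with
// mysql_real_escape_string() before being interpolated into the quoted LIKE
// literal. % and _ are not touched and keep acting as LIKE wildcards.
function XSLTqueryWord($word) {
    $result = NULL;
    $j = 0;
    if ($word) {
        $safeWord = mysql_real_escape_string($word);
        $result = mysql_query ("SELECT XSLTwords.relevance, XSLTsymbols.name, XSLTsymbols.type, XSLTsymbols.module, XSLTsymbols.descr FROM XSLTwords, XSLTsymbols WHERE LCASE(XSLTwords.name) LIKE LCASE('$safeWord') and XSLTwords.symbol = XSLTsymbols.name ORDER BY XSLTwords.relevance DESC LIMIT 75");
        if ($result) {
            $j = mysql_num_rows($result);
            if ($j == 0)
                mysql_free_result($result);
        }
        // The logger receives the raw keyword; it builds its own statements.
        logQueryWord($word);
    }
    return array($result, $j);
}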
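// Look up one keyword in the libxslt HTML documentation index
// (XSLTwordsHTML), best matches first, at most 75 rows, and log the keyword.
//
// Returns array($result, $rows). When nothing matched, $rows is 0 and the
// result has already been freed, so callers may only read $result when
// $rows > 0. A falsy $word runs no query and yields array(NULL, 0).
//
// $word is derived from the request, so it is escaped with
// mysql_real_escape_string() before being interpolated into the quoted LIKE
// literal. % and _ are not touched and keep acting as LIKE wildcards.
function XSLTqueryHTMLWord($word) {
    $result = NULL;
    $j = 0;
    if ($word) {
        $safeWord = mysql_real_escape_string($word);
        $result = mysql_query ("SELECT relevance, name, id, resource, section FROM XSLTwordsHTML WHERE LCASE(name) LIKE LCASE('$safeWord') ORDER BY relevance DESC LIMIT 75");
        if ($result) {
            $j = mysql_num_rows($result);
            if ($j == 0)
                mysql_free_result($result);
        }
        // The logger receives the raw keyword; it builds its own statements.
        logQueryWord($word);
    }
    return array($result, $j);
}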
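// Look up one keyword in the xslt mailing-list archive index
// (XSLTwordsArchive joined to archives), best matches first, at most 75 rows,
// and log the keyword. The third selected column is the constant 'xslt-list'.
//
// Returns array($result, $rows). When nothing matched, $rows is 0 and the
// result has already been freed, so callers may only read $result when
// $rows > 0. A falsy $word runs no query and yields array(NULL, 0).
//
// $word is derived from the request, so it is escaped with
// mysql_real_escape_string() before being interpolated into the quoted LIKE
// literal. % and _ are not touched and keep acting as LIKE wildcards.
function XSLTqueryArchiveWord($word) {
    $result = NULL;
    $j = 0;
    if ($word) {
        $safeWord = mysql_real_escape_string($word);
        $result = mysql_query ("SELECT XSLTwordsArchive.relevance, XSLTwordsArchive.name, 'xslt-list', archives.resource, archives.title FROM XSLTwordsArchive, archives WHERE LCASE(XSLTwordsArchive.name) LIKE LCASE('$safeWord') and XSLTwordsArchive.ID = archives.ID ORDER BY relevance DESC LIMIT 75");
        if ($result) {
            $j = mysql_num_rows($result);
            if ($j == 0)
                mysql_free_result($result);
        }
        // The logger receives the raw keyword; it builds its own statements.
        logQueryWord($word);
    }
    return array($result, $j);
}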
// usort() comparator for result entries: orders by the first element
// (the relevance score), highest first. Equal scores compare as 0.
function resSort ($a, $b) {
    $left = $a[0];
    $right = $b[0];
    if ($left == $right) {
        return 0;
    }
    if ($left > $right) {
        return -1;
    }
    return 1;
}
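// Fold the rows of an API-symbol lookup into $results, keyed by symbol name.
// A symbol that is already present keeps its entry and has its relevance
// raised to (old + new) * 2; a new symbol gets
// array(relevance, type, module, description, name, url).
// Frees $result when it held rows and returns the updated $results.
function collectSymbolHits($results, $result, $rows, $urlPrefix) {
    if ($rows <= 0) {
        return $results;
    }
    for ($i = 0; $i < $rows; $i++) {
        $relevance = mysql_result($result, $i, 0);
        $name = mysql_result($result, $i, 1);
        $type = mysql_result($result, $i, 2);
        $module = mysql_result($result, $i, 3);
        $desc = mysql_result($result, $i, 4);
        if (array_key_exists($name, $results)) {
            list($r,$t,$m,$d,$w,$u) = $results[$name];
            $results[$name] = array(($r + $relevance) * 2, $t,$m,$d,$w,$u);
        } else {
            $url = $urlPrefix . $module . ".html#" . $name;
            $results[$name] = array($relevance, $type, $module, $desc, $name, $url);
        }
    }
    mysql_free_result($result);
    return $results;
}

// Append the rows of an HTML-documentation lookup to $results. Every row gets
// its own key (name, a tag, the keyword index and the row index), so
// documentation hits are never merged with each other.
// Frees $result when it held rows and returns the updated $results.
function collectDocHits($results, $result, $rows, $number, $isXslt) {
    if ($rows <= 0) {
        return $results;
    }
    $label = $isXslt ? "XSLT docs" : "XML docs";
    $tag = $isXslt ? "xslthtml" : "_html_";
    for ($i = 0; $i < $rows; $i++) {
        $relevance = mysql_result($result, $i, 0);
        $name = mysql_result($result, $i, 1);
        $id = mysql_result($result, $i, 2);
        $module = mysql_result($result, $i, 3);
        $desc = mysql_result($result, $i, 4);
        if ($isXslt) {
            $url = "XSLT/$module";
        } else if (strncmp($module, "libxml-", 7) == 0) {
            $url = "html/$module";
        } else {
            // NOTE(review): the original assigned nothing in this case, so
            // $url kept whatever an earlier row or section had left in it.
            // Falling back to the stored resource path is an assumption to
            // confirm against the index contents.
            $url = $module;
        }
        if ($id != "") {
            // "." concatenates; the original used "+", which is arithmetic
            // in PHP and never produced the intended "path#anchor" string.
            $url = $url . "#$id";
        }
        $results["$name $tag $number _ $i"] =
            array($relevance, $label, $module, $desc, $name, $url);
    }
    mysql_free_result($result);
    return $results;
}

// Fold the rows of a mailing-list archive lookup into $results, keyed by the
// message URL. A message that is already present has its relevance raised to
// (old + new) * 2; the original wrote that boosted entry under $name, which
// left the URL-keyed entry unchanged and added a stray one, so it is written
// back under $url here. $archiveBase is stripped from the URL to form the
// short text shown in the module column.
// Frees $result when it held rows and returns the updated $results.
function collectArchiveHits($results, $result, $rows, $archiveBase) {
    if ($rows <= 0) {
        return $results;
    }
    for ($i = 0; $i < $rows; $i++) {
        $relevance = mysql_result($result, $i, 0);
        $name = mysql_result($result, $i, 1);
        $type = mysql_result($result, $i, 2);
        $url = mysql_result($result, $i, 3);
        $desc = mysql_result($result, $i, 4);
        if (array_key_exists($url, $results)) {
            list($r,$t,$m,$d,$w,$u) = $results[$url];
            $results[$url] = array(($r + $relevance) * 2, $t,$m,$d,$w,$u);
        } else {
            $shortUrl = str_replace($archiveBase, "", $url);
            $results[$url] = array($relevance, $type, $shortUrl, $desc, $name, $url);
        }
    }
    mysql_free_result($result);
    return $results;
}

// Run the search: split the query into keywords, query every index selected
// by $scope for each keyword, then print the merged results as a table.
// Queries longer than 50 bytes are ignored.
if (($query) && (strlen($query) <= 50)) {
    $link = mysql_connect ("localhost", "nobody");
    if (!$link) {
        echo "<p> Could not connect to the database: ",
            htmlspecialchars(mysql_error(), ENT_QUOTES, 'ISO-8859-1');
    } else {
        mysql_select_db("xmlsoft", $link);
        $list = explode (" ", $query);
        $results = array();

        // Which indexes the selected scope covers.
        $wantXmlApi = in_array($scope, array('any', 'XML', 'API', 'XMLAPI'), true);
        $wantXsltApi = in_array($scope, array('any', 'XSLT', 'API', 'XSLTAPI'), true);
        $wantXmlDocs = in_array($scope, array('any', 'XML', 'DOCS', 'XMLDOC'), true);
        $wantXsltDocs = in_array($scope, array('any', 'XSLT', 'DOCS', 'XSLTDOC'), true);
        $wantXmlList = in_array($scope, array('any', 'XML', 'LISTS', 'XMLLIST'), true);
        $wantXsltList = in_array($scope, array('any', 'XSLT', 'LISTS', 'XSLTLIST'), true);

        for ($number = 0; $number < count($list); $number++) {
            $word = $list[$number];
            if ($wantXmlApi) {
                list($result, $j) = queryWord($word);
                $results = collectSymbolHits($results, $result, $j, "html/libxml-");
            }
            if ($wantXsltApi) {
                list($result, $j) = XSLTqueryWord($word);
                $results = collectSymbolHits($results, $result, $j, "XSLT/html/libxslt-");
            }
            if ($wantXmlDocs) {
                list($result, $k) = queryHTMLWord($word);
                $results = collectDocHits($results, $result, $k, $number, false);
            }
            if ($wantXsltDocs) {
                list($result, $k) = XSLTqueryHTMLWord($word);
                $results = collectDocHits($results, $result, $k, $number, true);
            }
            if ($wantXmlList) {
                list($result, $j) = queryArchiveWord($word);
                $results = collectArchiveHits($results, $result, $j,
                    "http://mail.gnome.org/archives/xml/");
            }
            if ($wantXsltList) {
                list($result, $j) = XSLTqueryArchiveWord($word);
                $results = collectArchiveHits($results, $result, $j,
                    "http://mail.gnome.org/archives/xslt/");
            }
        }

        // A single keyword that matched nothing is retried against the API
        // indexes with the library prefix put in front of it.
        if ((count($results) == 0) && (count($list) == 1)) {
            $word = $list[0];
            if ($wantXmlApi) {
                list($result, $j) = queryWord("xml$word");
                $results = collectSymbolHits($results, $result, $j, "html/libxml-");
            }
            if ($wantXsltApi) {
                list($result, $j) = XSLTqueryWord("xslt$word");
                $results = collectSymbolHits($results, $result, $j, "XSLT/html/libxslt-");
            }
        }
        mysql_close($link);

        $nb = count($results);
        echo "<h3 align='center'>Found $nb results for query $querystr</h3>\n";
        usort($results, "resSort");
        if ($nb > 0) {
            printf("<table><tbody>\n");
            printf("<tr><td>Quality</td><td>Symbol</td><td>Type</td><td>module</td><td>Description</td></tr>\n");
            $i = 0;
            foreach ($results as $val) {
                list($r,$t,$m,$d,$s,$u) = $val;
                // Every column comes from the index tables (mailing-list
                // titles among them), so each value is escaped for HTML,
                // quotes included because $u sits inside a quoted attribute.
                // ISO-8859-1 is the charset the page declares, and with it
                // htmlspecialchars() never rejects the input; the final
                // "false" keeps entities already stored in the data from
                // being encoded twice.
                // NOTE(review): escaping keeps $u inside the href attribute
                // but does not restrict its scheme; confirm the indexer only
                // stores http(s) or relative links in archives.resource.
                $r = htmlspecialchars((string) $r, ENT_QUOTES, 'ISO-8859-1', false);
                $t = htmlspecialchars($t, ENT_QUOTES, 'ISO-8859-1', false);
                $m = htmlspecialchars($m, ENT_QUOTES, 'ISO-8859-1', false);
                $d = htmlspecialchars($d, ENT_QUOTES, 'ISO-8859-1', false);
                $s = htmlspecialchars($s, ENT_QUOTES, 'ISO-8859-1', false);
                $u = htmlspecialchars($u, ENT_QUOTES, 'ISO-8859-1', false);
                echo "<tr><td>$r</td><td><a href='$u'>$s</a></td><td>$t</td><td>$m</td><td>$d</td></tr>";
                $i = $i + 1;
                if ($i > 75)
                    break;
            }
            printf("</tbody></table>\n");
        }
    }
}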
?>
</td></tr></table></td></tr></table></td></tr></table></td>
</tr></table></td></tr></table>
</body>
</html>