X-Git-Url: http://p2p-next.cs.pub.ro/gitweb/?a=blobdiff_plain;f=application%2Fcontrollers%2Fcatalog.php;h=79d0f96c0a29f08a243c7297d75c34fc14464e41;hb=14163bd2cf49ea2c6d30530515e5f27cf7b5850b;hp=95a6908c364e4d071f5db69d1ccb4f328eeb829b;hpb=85bae784f30d1777db15f43d2e3ce04a2c3e8653;p=living-lab-site.git
diff --git a/application/controllers/catalog.php b/application/controllers/catalog.php
index 95a6908..79d0f96 100644
--- a/application/controllers/catalog.php
+++ b/application/controllers/catalog.php
@@ -131,7 +131,6 @@ class Catalog extends CI_Controller {
 $this->load->view('html_begin', $this->html_head_params);
 $this->load->view('header', array(
 'search_category_name'=>$vs_data['category_name'],
- 'search_category_title'=>$vs_data['category_title']
 ));
 // $main_params['content'] = $this->load->view('catalog/category_view', $data, TRUE);
@@ -146,20 +145,31 @@ class Catalog extends CI_Controller {
 public function search($search_query = "", $offset = 0, $category_name = NULL)
 {
+ $this->load->model('videos_model');
+ $this->load->library('security');
+
 // Redirect to an URL which contains search string if data was passed
 // via POST method and not via URL segments.
- $str_post_search = $this->input->post('search', TRUE);
+ $str_post_search = $this->input->post('search');
+ $str_post_category = $this->input->post('search-category');
 if ($search_query === "" && $str_post_search !== FALSE)
- redirect('catalog/search/'. $this->input->post('search', TRUE));
+ {
+ redirect('catalog/search/'
+ . $this->videos_model->encode_search_query($str_post_search)
+ . '/0'
+ . ($str_post_category === FALSE ? '' : "/$str_post_category"));
+ return;
+ }
- $this->load->model('videos_model');
-
 // **
 // ** LOADING MODEL
 // **
 // Search query is encoded for URL and must be decoded.
 $enc_search_query = $search_query;
 $search_query = $this->videos_model->decode_search_query($search_query);
+
+ // Security filtering
+ $search_query = $this->security->xss_clean($search_query);
 $results_data['search_query'] = $search_query;
 // Category
@@ -172,14 +182,13 @@ class Catalog extends CI_Controller {
 if ($category_name !== NULL)
 {
 $header_data['search_category_name'] = $results_data['category_name'];
- $header_data['search_category_title'] = $results_data['category_title'];
 }
 // Check if search string is valid.
- if (strlen($search_query) < 4)
+ if (strlen($search_query) === 0)
 {
 //$results_data['videos'] = NULL;
- $this->error($this->lang->line('error_search_query_too_short'),
+ $this->error($this->lang->line('error_search_query_empty'),
 $header_data);
 return;
 }
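Review bot: In the second hunk (`@@ -146,20 +145,31 @@`), the redirect appends `$str_post_category` as `"/$str_post_category"` straight from `$this->input->post('search-category')`, with no encoding or validation, whereas the search string goes through `encode_search_query()`. A value containing `/`, `?` or `#` changes the segment layout of the redirect target, so it should either be checked against the known category names or encoded, e.g. `. ($str_post_category === FALSE ? '' : '/' . rawurlencode($str_post_category)));`. Separately, `xss_clean()` is applied only to the decoded `$search_query`, while `$enc_search_query` stays raw; any view or pagination link that prints it (not visible in this hunk) still needs output escaping for its context. The body of `search()` continues outside the hunk.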
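Review bot: The relaxed validity check in the third hunk (`@@ -172,14 +182,13 @@`), `strlen($search_query) === 0`, still lets a whitespace-only query through and puts no upper bound on the query length now that the four-character minimum is gone. One- or two-character terms and very long terms can both be expensive for whatever backend `videos_model` searches (not visible here). Consider `$search_query = trim($search_query);` before the test and a length cap next to it, for example `if ($search_query === '' || strlen($search_query) > MAX_QUERY_LEN)`, where `MAX_QUERY_LEN` is a placeholder for a limit the project chooses. `search()` starts and ends outside this hunk.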