public ActionResult Render(string q, string cat = "", string order = "", int fid = 0, bool solved = false, bool replies = false, int?v = null)
{
// If no search string specified, use a blank one to prevent null exceptions.
if (string.IsNullOrEmpty(q))
{
q = string.Empty;
}
if (q.StartsWith("duplicate content") && q.Contains("SELECT"))
{
q = string.Empty;
}
// A particular SQL injection attack uses this query which takes very long to process, turning it into and easy DOS attack
// /search?q=999999.9' /**/uNiOn/**/aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39,0x39313335313435363231352e39 and '0'='0--
if (q.Contains("999999.9'") || q.Contains("0x393133353134353632392e39"))
{
q = string.Empty;
}
var umbracoPage = this.CurrentPage;
var nodeTypeAlias = cat;
var forumName = string.Empty;
var filters = new List <SearchFilters>();
if (nodeTypeAlias == "project")
{
var searchFilters = new SearchFilters(BooleanOperation.And);
searchFilters.Filters.Add(new SearchFilter("projectLive", "1"));
filters.Add(searchFilters);
}
if (nodeTypeAlias == "forum" && fid > 0)
{
var searchFilters = new SearchFilters(BooleanOperation.And);
searchFilters.Filters.Add(new SearchFilter("parentId", fid));
filters.Add(searchFilters);
var forum = Umbraco.ContentQuery.TypedContent(fid);
var parentForum = forum.Parent;
forumName = forum.Name + " - " + parentForum.Name;
}
if (solved)
{
var searchFilters = new SearchFilters(BooleanOperation.Not);
searchFilters.Filters.Add(new SearchFilter("solved", "0"));
filters.Add(searchFilters);
}
if (replies)
{
var searchFilters = new SearchFilters(BooleanOperation.Not);
searchFilters.Filters.Add(new SearchFilter("replies", "0"));
filters.Add(searchFilters);
}
var ourSearcher = new OurSearcher(q,
//TODO: Depending on what order by this is, we need to pass in a data
// type here, for example, if its an INT or a Date!
orderBy: order,
maxResults: 100,
nodeTypeAlias: nodeTypeAlias,
majorDocsVersion: v,
filters: filters);
var results = ourSearcher.Search();
var model = new SearchResultContentModel(umbracoPage, results);
if (string.IsNullOrWhiteSpace(forumName) == false)
{
model.Results.Category = forumName;
}
return(PartialView("~/Views/Partials/SearchResults.cshtml", model));
}
protected override void OnLoad(EventArgs e)
{
base.OnLoad(e);
if (!IsPostBack)
{
var umbracoPage = UmbracoContext.PublishedContentRequest.PublishedContent;
var nodeTypeAlias = Request.QueryString["cat"];
//TODO: If we are searching on projects, they need to be filtered to approved/live!
int forumId;
var forumName = string.Empty;
var filters = new List <SearchFilters>();
if (nodeTypeAlias == "forum" && int.TryParse(Request.QueryString["fid"], out forumId))
{
var searchFilters = new SearchFilters(BooleanOperation.And);
searchFilters.Filters.Add(new SearchFilter("parentId", forumId.ToString()));
filters.Add(searchFilters);
var umbracoHelper = new UmbracoHelper(UmbracoContext.Current);
var forum = umbracoHelper.ContentQuery.TypedContent(forumId);
var parentForum = forum.Parent;
forumName = forum.Name + " - " + parentForum.Name;
}
if (string.IsNullOrWhiteSpace(Request.QueryString["solved"]) == false)
{
bool onlySolvedItems;
if (bool.TryParse(Request.QueryString["solved"], out onlySolvedItems) && onlySolvedItems)
{
var searchFilters = new SearchFilters(BooleanOperation.Not);
searchFilters.Filters.Add(new SearchFilter("solved", "0"));
filters.Add(searchFilters);
}
}
if (string.IsNullOrWhiteSpace(Request.QueryString["replies"]) == false)
{
bool onlyIfReplies;
if (bool.TryParse(Request.QueryString["replies"], out onlyIfReplies) && onlyIfReplies)
{
var searchFilters = new SearchFilters(BooleanOperation.Not);
searchFilters.Filters.Add(new SearchFilter("replies", "0"));
filters.Add(searchFilters);
}
}
var orderBy = string.Empty;
if (string.IsNullOrWhiteSpace(Request.QueryString["order"]) == false)
{
orderBy = Request.QueryString["order"];
}
var ourSearcher = new OurSearcher(Request.QueryString["q"],
//TODO: Depending on what order by this is, we need to pass in a data
// type here, for example, if its an INT or a Date!
orderBy: orderBy,
maxResults: 100,
nodeTypeAlias:
nodeTypeAlias,
filters: filters);
var results = ourSearcher.Search();
Model = new SearchResultContentModel(umbracoPage, results);
if (string.IsNullOrWhiteSpace(forumName) == false)
{
Model.Results.Category = forumName;
}
SearchText.Text = Model.Results.SearchTerm;
}
else
{
Response.Redirect("/search?q=" + SearchText.Text);
}
}
public ActionResult Render(string q, string cat = "", string order = "", int fid = 0, bool solved = false, bool replies = false)
{
// A particular SQL injection attack uses this query which takes very long to process, turning it into and easy DOS attack
// /search?q=999999.9' /**/uNiOn/**/aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39,0x39313335313435363231352e39 and '0'='0--
if (q.Contains("0x393133353134353632392e39"))
{
Response.Redirect("/search?q=");
}
var umbracoPage = UmbracoContext.PublishedContentRequest.PublishedContent;
var nodeTypeAlias = cat;
//TODO: If we are searching on projects, they need to be filtered to approved/live!
var forumName = string.Empty;
var filters = new List <SearchFilters>();
if (nodeTypeAlias == "forum" && fid > 0)
{
var searchFilters = new SearchFilters(BooleanOperation.And);
searchFilters.Filters.Add(new SearchFilter("parentId", fid));
filters.Add(searchFilters);
var umbracoHelper = new UmbracoHelper(UmbracoContext.Current);
var forum = umbracoHelper.ContentQuery.TypedContent(fid);
var parentForum = forum.Parent;
forumName = forum.Name + " - " + parentForum.Name;
}
if (solved)
{
var searchFilters = new SearchFilters(BooleanOperation.Not);
searchFilters.Filters.Add(new SearchFilter("solved", "0"));
filters.Add(searchFilters);
}
if (replies)
{
var searchFilters = new SearchFilters(BooleanOperation.Not);
searchFilters.Filters.Add(new SearchFilter("replies", "0"));
filters.Add(searchFilters);
}
var ourSearcher = new OurSearcher(q,
//TODO: Depending on what order by this is, we need to pass in a data
// type here, for example, if its an INT or a Date!
orderBy: order,
maxResults: 100,
nodeTypeAlias: nodeTypeAlias,
filters: filters);
var results = ourSearcher.Search();
var model = new SearchResultContentModel(umbracoPage, results);
if (string.IsNullOrWhiteSpace(forumName) == false)
{
model.Results.Category = forumName;
}
return(PartialView("~/Views/Partials/SearchResults.cshtml", model));
}
