Second Life viewer sources 1.18.5.3

author: Jacek Antonelli 2008-08-15 23:45:18 -0500
committer: Jacek Antonelli 2008-08-15 23:45:18 -0500
commit: 8241b4d734ad553948c801164f5d2cd5fee1becd (patch)
tree: b8fd3c57f139f81b36e2c9aea8c0d7b2b2f225d0 /linden/indra/newview/llpaneldirfind.cpp
parent: Second Life viewer sources 1.18.5.2-RC (diff)
download: meta-impy-8241b4d734ad553948c801164f5d2cd5fee1becd.zip
meta-impy-8241b4d734ad553948c801164f5d2cd5fee1becd.tar.gz
meta-impy-8241b4d734ad553948c801164f5d2cd5fee1becd.tar.bz2
meta-impy-8241b4d734ad553948c801164f5d2cd5fee1becd.tar.xz
1 files changed, 24 insertions, 11 deletions
diff --git a/linden/indra/newview/llpaneldirfind.cpp b/linden/indra/newview/llpaneldirfind.cpp
index 591f06d..3dd419f 100644
--- a/linden/indra/newview/llpaneldirfind.cpp
+++ b/linden/indra/newview/llpaneldirfind.cpp
@@ -182,23 +182,36 @@ void LLPanelDirFindAll::search(const std::string& search_text)
                // Replace spaces with "+" for use by Google search appliance
                // Yes, this actually works for double-spaces
                // " foo  bar" becomes "+foo++bar" and works fine. JC
-                std::string query = search_text;
-                std::string::iterator it = query.begin();
+                // Since we are already iterating over the query,
-                for ( ; it != query.end(); ++it )
+                // do our own custom escaping here.
+                // Our own special set of allowed chars (RFC1738 http://www.ietf.org/rfc/rfc1738.txt)
+                const char* allowed =   
+                        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                        "0123456789"
+                        "-._~$+!*'()";
+                std::string query;
+                std::string::const_iterator it = search_text.begin();
+                for ( ; it != search_text.end(); ++it )
                {
                        if ( std::isspace( *it ) )
                        {
-                                *it = '+';
+                                query += '+';
+                        }
+                        else if(strchr(allowed,*it))
+                        {
+                                // The character is in the allowed set, just copy it
+                                query += *it;
+                        }
+                        else
+                        {
+                                // Do escaping
+                                query += llformat("%%%02X", *it);
                        }
                }
-                // If user types "%" into search, it builds a bogus URL.
-                // Try to work around that.  It's not a security problem
-                // as far as I can tell -- we MySQL escape database queries
-                // on the server.  Do this after "+" substitution because
-                // "+" is an allowed character.
-                query = LLURI::escape(query);
                std::string url = gSavedSettings.getString("SearchURLQuery");
                std::string substring = "[QUERY]";
                url.replace(url.find(substring), substring.length(), query);
author	Jacek Antonelli	2008-08-15 23:45:18 -0500
committer	Jacek Antonelli	2008-08-15 23:45:18 -0500
commit	8241b4d734ad553948c801164f5d2cd5fee1becd (patch)
tree	b8fd3c57f139f81b36e2c9aea8c0d7b2b2f225d0 /linden/indra/newview/llpaneldirfind.cpp
parent	Second Life viewer sources 1.18.5.2-RC (diff)
download	meta-impy-8241b4d734ad553948c801164f5d2cd5fee1becd.zip meta-impy-8241b4d734ad553948c801164f5d2cd5fee1becd.tar.gz meta-impy-8241b4d734ad553948c801164f5d2cd5fee1becd.tar.bz2 meta-impy-8241b4d734ad553948c801164f5d2cd5fee1becd.tar.xz

diff --git a/linden/indra/newview/llpaneldirfind.cpp b/linden/indra/newview/llpaneldirfind.cpp index 591f06d..3dd419f 100644 --- a/linden/indra/newview/llpaneldirfind.cpp +++ b/linden/indra/newview/llpaneldirfind.cpp
@@ -182,23 +182,36 @@ void LLPanelDirFindAll::search(const std::string& search_text)
182	// Replace spaces with "+" for use by Google search appliance	182	// Replace spaces with "+" for use by Google search appliance
183	// Yes, this actually works for double-spaces	183	// Yes, this actually works for double-spaces
184	// " foo bar" becomes "+foo++bar" and works fine. JC	184	// " foo bar" becomes "+foo++bar" and works fine. JC
185	std::string query = search_text;	185
186	std::string::iterator it = query.begin();	186	// Since we are already iterating over the query,
187	for ( ; it != query.end(); ++it )	187	// do our own custom escaping here.
		188
		189	// Our own special set of allowed chars (RFC1738 http://www.ietf.org/rfc/rfc1738.txt)
		190	const char* allowed =
		191	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
		192	"0123456789"
		193	"-._~$+!*'()";
		194
		195	std::string query;
		196	std::string::const_iterator it = search_text.begin();
		197	for ( ; it != search_text.end(); ++it )
188	{	198	{
189	if ( std::isspace( *it ) )	199	if ( std::isspace( *it ) )
190	{	200	{
191	*it = '+';	201	query += '+';
		202	}
		203	else if(strchr(allowed,*it))
		204	{
		205	// The character is in the allowed set, just copy it
		206	query += *it;
		207	}
		208	else
		209	{
		210	// Do escaping
		211	query += llformat("%%%02X", *it);
192	}	212	}
193	}	213	}
194		214
195	// If user types "%" into search, it builds a bogus URL.
196	// Try to work around that. It's not a security problem
197	// as far as I can tell -- we MySQL escape database queries
198	// on the server. Do this after "+" substitution because
199	// "+" is an allowed character.
200	query = LLURI::escape(query);
201
202	std::string url = gSavedSettings.getString("SearchURLQuery");	215	std::string url = gSavedSettings.getString("SearchURLQuery");
203	std::string substring = "[QUERY]";	216	std::string substring = "[QUERY]";
204	url.replace(url.find(substring), substring.length(), query);	217	url.replace(url.find(substring), substring.length(), query);