Diffstat (limited to 'linden/indra/newview/llpaneldirfind.cpp')
-rw-r--r--linden/indra/newview/llpaneldirfind.cpp35
1 files changed, 24 insertions, 11 deletions
diff --git a/linden/indra/newview/llpaneldirfind.cpp b/linden/indra/newview/llpaneldirfind.cpp
index 591f06d..3dd419f 100644
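--- a/linden/indra/newview/llpaneldirfind.cpp
+++ b/linden/indra/newview/llpaneldirfind.cpp
@@ -182,23 +182,36 @@ void LLPanelDirFindAll::search(const std::string& search_text)
 // Replace spaces with "+" for use by Google search appliance
 // Yes, this actually works for double-spaces
 // " foo bar" becomes "+foo++bar" and works fine. JC
-std::string query = search_text;
-std::string::iterator it = query.begin();
-for ( ; it != query.end(); ++it )
+
+// Since we are already iterating over the query,
+// do our own custom escaping here.
+
+// Our own special set of allowed chars (RFC1738 http://www.ietf.org/rfc/rfc1738.txt)
+const char* allowed =
+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+"0123456789"
+"-._~$+!*'()";
+
+std::string query;
+std::string::const_iterator it = search_text.begin();
+for ( ; it != search_text.end(); ++it )
 {
 if ( std::isspace( *it ) )
 {
-*it = '+';
+query += '+';
+}
+else if(strchr(allowed,*it))
+{
+// The character is in the allowed set, just copy it
+query += *it;
+}
+else
+{
+// Do escaping
+query += llformat("%%%02X", *it);
 }
 }
 
-// If user types "%" into search, it builds a bogus URL.
-// Try to work around that. It's not a security problem
-// as far as I can tell -- we MySQL escape database queries
-// on the server. Do this after "+" substitution because
-// "+" is an allowed character.
-query = LLURI::escape(query);
-
 std::string url = gSavedSettings.getString("SearchURLQuery");
 std::string substring = "[QUERY]";
 url.replace(url.find(substring), substring.length(), query);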
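Review bot: The escaping branch `query += llformat("%%%02X", *it);` passes a plain `char`; where `char` is signed, a byte at or above 0x80 (any byte of a multi-byte UTF-8 character) is sign-extended on promotion and, assuming llformat is printf-style, comes out as `%FFFFFFxx` instead of a two-digit escape, so non-ASCII search text yields a malformed URL. Convert once at the top of the loop, e.g. `const unsigned char c = static_cast<unsigned char>(*it);`, and use `c` in `std::isspace(c)` (a negative argument there is undefined behaviour) and in the `llformat` call. `strchr(allowed,*it)` also matches the string's terminating NUL, so an embedded `'\0'` in `search_text` is copied through unescaped; adding `*it != '\0' &&` to that condition closes it. Because `+` is both the space replacement and a member of the allowed set, a literal plus typed by the user cannot be told apart from a space on the server side, which deserves a comment now that `LLURI::escape` is no longer applied. The body of `LLPanelDirFindAll::search` begins and ends outside this hunk.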