Author |
Topic |
Lon2
Junior Member
USA
151 Posts |
Posted - 04 December 2008 : 11:57:07
|
I searched Snitz and couldn't find a topic on this: I was wondering if it's possible to type a search string directly in my browser's address field to search the forums without using the forum's search form? For example, typing this directly in the browser's address bar:
http://www.website.com/forum/search.asp?forum_ID=4&SearchTerms=word1,word2< |
|
MaD2ko0l
Senior Member
United Kingdom
1053 Posts |
Posted - 04 December 2008 : 12:09:04
|
i dont think you add search terms..if i remember correctly its to stop a security flaw..correct me if im wrong that may have been for somthing else but im sure they made it this way so that a user cannot exploit anything that may occur via dodgy search terms.< |
© 1999-2010 MaD2ko0l |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 04 December 2008 : 12:24:57
|
it has always been a POST form rather than a GET, I don't know why it was done the way it was, it has allways been that way.< |
|
|
Lon2
Junior Member
USA
151 Posts |
Posted - 04 December 2008 : 12:50:41
|
Thanks for the answers.
< |
|
|
leatherlips
Senior Member
USA
1838 Posts |
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 04 December 2008 : 22:34:36
|
Find the line in search.asp that has:
if Request.QueryString("mode") = "DoIt" then
Above that add this:
if trim(Request.Form("Search")) <> "" then
ThisSearch = Request.Form("Search")
elseif trim(Request.QueryString("Search")) <> "" then
ThisSearch = Request.QueryString("Search")
end if
Change:
if Request.QueryString("mode") = "DoIt" then
To:
if Request.QueryString("mode") = "DoIt" or ThisSearch <> "" then
And, change all instances of:
Request.Form("Search")
To:
ThisSearch
Try your search for one word as:
http://www.mydomain.com/search.asp?search=word1
Try your search for two words as:
http://www.mydomain.com/search.asp?search=word1+word2
Most of all ... have fun! < |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 05 December 2008 : 04:58:14
|
In addition to what I wrote above ...
Below the following:
if trim(Request.Form("Search")) <> "" then
ThisSearch = Request.Form("Search")
elseif trim(Request.QueryString("Search")) <> "" then
ThisSearch = Request.QueryString("Search")
end if
Add this:
if trim(Request.Form("Forum")) <> "" then
ThisForum = Request.Form("Forum")
elseif trim(Request.QueryString("Forum")) <> "" then
ThisForum = Request.QueryString("Forum")
end if
And, change all instances of:
Request.Form("Forum")
To:
ThisForum
Try your search for one word as:
http://www.mydomain.com/search.asp?search=word1&forum=1
Try your search for two words as:
http://www.mydomain.com/search.asp?search=word1+word2&forum=1
if the forum id you are querying does not produce results, then try the next forum id.
Above of all ... have much more fun than you were having before! < |
Edited by - Etymon on 05 December 2008 04:59:46 |
|
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 05 December 2008 : 05:31:07
|
Hey Huw,
If you think this qualifies as a MOD, then after Lon2 gets to have a look at it, would you mind moving the topic over to the MOD Add-on Forum w/Code for others to enjoy as well?
Cheers,
Etymon< |
|
|
Podge
Support Moderator
Ireland
3775 Posts |
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 05 December 2008 : 06:32:02
|
Isn't that what I did here:
if trim(Request.Form("Search")) <> "" then
ThisSearch = Request.Form("Search")
elseif trim(Request.QueryString("Search")) <> "" then
ThisSearch = Request.QueryString("Search")
end if < |
|
|
Podge
Support Moderator
Ireland
3775 Posts |
|
Etymon
Advanced Member
United States
2385 Posts |
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 05 December 2008 : 07:59:03
|
quote: Originally posted by Etymon
Isn't that what I did here:
if trim(Request.Form("Search")) <> "" then
ThisSearch = Request.Form("Search")
elseif trim(Request.QueryString("Search")) <> "" then
ThisSearch = Request.QueryString("Search")
end if
Don't forget to properly sanitize the inputs with at least the ChkString function.< |
|
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 05 December 2008 : 08:06:57
|
Thanks for the suggestion Anon!
I was just substituting ThisSearch with what is already in the original code which is Request.Form("Search"). Maybe adding the chkstring where it is needed in search.asp also could be an addition to be considered for 3.4.07 as well.
For chkstring(), are you suggesting SQLString or something other?
< |
|
|
Lon2
Junior Member
USA
151 Posts |
Posted - 05 December 2008 : 10:04:09
|
So how would I properly sanitize the inputs with at least the ChkString function?
< |
|
|
Topic |
|