From 7d3eeac48baac2b766abdeeb27eef3f810a1a898 Mon Sep 17 00:00:00 2001
From: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>
Date: Wed, 18 Oct 2023 10:12:05 +0000
Subject: [PATCH] escape semester name and drop GlobalSearchBuzzwords, fixes
 #3366

Closes #3366

Merge request studip/studip!2290
---
 db/migrations/5.1.52_fix_for_biest3366.php    | 26 ++++++
 .../globalsearch/GlobalSearchBuzzwords.php    | 92 -------------------
 .../globalsearch/GlobalSearchCourses.php      |  2 +-
 .../globalsearch/GlobalSearchModules.php      |  2 +-
 .../globalsearch/GlobalSearchMyCourses.php    |  2 +-
 5 files changed, 29 insertions(+), 95 deletions(-)
 create mode 100644 db/migrations/5.1.52_fix_for_biest3366.php
 delete mode 100644 lib/classes/globalsearch/GlobalSearchBuzzwords.php

diff --git a/db/migrations/5.1.52_fix_for_biest3366.php b/db/migrations/5.1.52_fix_for_biest3366.php
new file mode 100644
index 00000000000..2ff333b6609
--- /dev/null
+++ b/db/migrations/5.1.52_fix_for_biest3366.php
@@ -0,0 +1,26 @@
+<?php
+
+class FixForBiest3366 extends Migration
+{
+    public function description()
+    {
+        return 'Removes the database table "globalsearch_buzzwords"';
+    }
+
+    public function up()
+    {
+        DBManager::get()->exec('DROP TABLE `globalsearch_buzzwords`');
+    }
+
+    public function down()
+    {
+        DBManager::get()->exec("CREATE TABLE `globalsearch_buzzwords` (
+            `id` CHAR(32) COLLATE latin1_bin NOT NULL,
+            `rights` ENUM('user','autor','tutor','dozent','admin','root') NOT NULL DEFAULT 'user',
+            `name` varchar(255) NOT NULL DEFAULT '',
+            `buzzwords` varchar(2048) NOT NULL DEFAULT '',
+            `subtitle` varchar(255) DEFAULT NULL,
+            `url` varchar(2048) NOT NULL DEFAULT '',
+            PRIMARY KEY (`id`))");
+    }
+}
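Review bot: `up()` runs `DROP TABLE` without `IF EXISTS`, so the migration aborts on any installation where `globalsearch_buzzwords` is already missing, for example after a manual cleanup or a partially applied upgrade. Using `DROP TABLE IF EXISTS` in that statement makes the migration safe to re-run. `down()` recreates only the empty schema, so rows removed by `up()` cannot be recovered; a comment such as `// restores the table structure only, buzzword rows dropped by up() are lost` would make that explicit. Whether any stored configuration still names the removed `GlobalSearchBuzzwords` class is not visible in this patch and should be checked before the table and class disappear.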
diff --git a/lib/classes/globalsearch/GlobalSearchBuzzwords.php b/lib/classes/globalsearch/GlobalSearchBuzzwords.php
deleted file mode 100644
index fb9294a52df..00000000000
--- a/lib/classes/globalsearch/GlobalSearchBuzzwords.php
+++ /dev/null
@@ -1,92 +0,0 @@
-<?php
-/**
- * GlobalSearchModule for buzzwords: words that trigger some manual info,
- * e.g. links to Campus systems etc.
- *
- * @author      Thomas Hackl <thomas.hackl@uni-passau.de>
- * @license     http://www.gnu.org/licenses/gpl-2.0.html GPL version 2
- * @category    Stud.IP
- * @since       4.1
- */
-class GlobalSearchBuzzwords extends SimpleORMap
-{
-
-    /**
-     * SimpleORMap metadata.
-     * @param array $config configuration for SORM.
-     */
-    protected static function configure($config = [])
-    {
-        $config['db_table'] = 'globalsearch_buzzwords';
-        $config['additional_fields']['rightsname'] = true;
-        parent::configure($config);
-    }
-
-    /**
-     * Gets the Stud.IP name for a given permission level.
-     * @return false|int|string
-     */
-    public function getRightsname()
-    {
-        return array_search($this->rights, $GLOBALS['perm']->permissions);
-    }
-
-    /**
-     * Returns the displayname for this module
-     *
-     * @return string
-     */
-    public static function getName()
-    {
-        return _('Stichwörter');
-    }
-
-    /**
-     * Transforms the search request into an sql statement, that provides the id (same as getId) as type and
-     * the object id, that is later passed to the filter.
-     *
-     * This function is required to make use of the mysql union parallelism
-     *
-     * @param string $search the input query string
-     * @return String SQL Query to discover elements for the search
-     */
-    public static function getSQL($search, $filter, $limit)
-    {
-        if (!$search) {
-            return null;
-        }
-
-        $query = DBManager::get()->quote("%{$search}%");
-        $rights = $GLOBALS['perm']->permissions[$GLOBALS['perm']->get_perm()];
-
-        return "SELECT SQL_CALC_FOUND_ROWS *
-                FROM `globalsearch_buzzwords`
-                WHERE `buzzwords` LIKE {$query}
-                  AND {$rights} >= rights";
-    }
-
-    /**
-     * Returns an array of information for the found element. Following information (key: description) is necessary
-     *
-     * - name: The name of the object
-     * - url: The url to send the user to when he clicks the link
-     *
-     * Additional informations are:
-     *
-     * - additional: Subtitle for the hit
-     * - expand: Url if the user further expands the search
-     * - img: Avatar for the
-     *
-     * @param array $buzz
-     * @param string $search
-     * @return array
-     */
-    public static function filter($buzz, $search)
-    {
-        return [
-            'name'       => htmlReady($buzz['name']),
-            'url'        => $buzz['url'],
-            'additional' => $buzz['subtitle']
-        ];
-    }
-}
diff --git a/lib/classes/globalsearch/GlobalSearchCourses.php b/lib/classes/globalsearch/GlobalSearchCourses.php
index ed124da3208..3725484aef8 100644
--- a/lib/classes/globalsearch/GlobalSearchCourses.php
+++ b/lib/classes/globalsearch/GlobalSearchCourses.php
@@ -216,7 +216,7 @@ class GlobalSearchCourses extends GlobalSearchModule implements GlobalSearchFull
             'number'        => self::mark($course->veranstaltungsnummer, $search),
             'name'          => self::mark($course->getFullname(), $search),
             'url'           => URLHelper::getURL("dispatch.php/course/details/index/{$course->id}", [], true),
-            'date'          => $semester->short_name,
+            'date'          => htmlReady($semester->short_name),
             'dates'         => $turnus_string,
             'has_children'  => count($course->children) > 0,
             'children'      => $result_children,
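Review bot: Only `date` gains `htmlReady()` in this array, while `dates` (`$turnus_string`) and `children` (`$result_children`) are built outside the hunk and are passed through as they are. If the search client inserts these values as HTML, as the need for this fix suggests, they should be confirmed to be escaped where they are assembled. The same question applies to `additional` (`$additional`) in the GlobalSearchModules hunk and to `dates`/`children` in the GlobalSearchMyCourses hunk. `number` and `name` go through `self::mark()`, which presumably escapes, but that is not shown here. A comment above the returned array, e.g. `// values are output as HTML by the search client; every string must be escaped (htmlReady)`, would keep new fields from reintroducing the problem; the enclosing method starts and ends outside the hunk.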
diff --git a/lib/classes/globalsearch/GlobalSearchModules.php b/lib/classes/globalsearch/GlobalSearchModules.php
index 66d53178794..b9f87201140 100644
--- a/lib/classes/globalsearch/GlobalSearchModules.php
+++ b/lib/classes/globalsearch/GlobalSearchModules.php
@@ -141,7 +141,7 @@ class GlobalSearchModules extends GlobalSearchModule
                 true
             ),
             'img'        => Icon::create('learnmodule', $icon_role)->asImagePath(),
-            'date'       => $duration,
+            'date'       => htmlReady($duration),
             'expand'     => self::getSearchURL($search),
             'additional' => $additional,
         ];
diff --git a/lib/classes/globalsearch/GlobalSearchMyCourses.php b/lib/classes/globalsearch/GlobalSearchMyCourses.php
index acafde59d43..124fb176e07 100644
--- a/lib/classes/globalsearch/GlobalSearchMyCourses.php
+++ b/lib/classes/globalsearch/GlobalSearchMyCourses.php
@@ -153,7 +153,7 @@ class GlobalSearchMyCourses extends GlobalSearchModule
             'number'        => self::mark($course->veranstaltungsnummer, $search),
             'name'          => self::mark($course->getFullname(), $search),
             'url'           => URLHelper::getURL('seminar_main.php', ['cid' => $course->id], true),
-            'date'          => $semester->short_name,
+            'date'          => htmlReady($semester->short_name),
             'dates'         => $turnus_string,
             'has_children'  => count($course->children) > 0,
             'children'      => $result_children,
-- 
GitLab