num_rows == 0 )
{
$message = "No book versions found.";
DisplayErrorMessage( $message );
exit;
}
while ( list($v) = $result->fetch_row() )
{
$versions[] = $v;
}
// Get the header and footer code
$handle = fopen("header1.html", "r");
$header1 = fread($handle, 8192);
fclose($handle);
# Change the title
$lines = explode("\n", $header1);
$lines[5] = "Security Advisories";
$header1 = implode("\n", $lines);
$handle = fopen("header.html", "r");
$header = fread($handle, 8192);
fclose($handle);
// Remove the first line
$lines = explode("\n", $header);
unset( $lines[0] );
$header = implode("\n", $lines);
$handle = fopen("footer.html", "r");
$footer = fread($handle, 8192);
fclose($handle);
$handle = fopen("menu.html", "r");
$menu = fread($handle, 8192);
fclose($handle);
$submit = ( isset($_POST['submit']) ) ? $_POST['submit'] : "notset";
// Start output
print $header1;
print $header;
print $menu;
echo "\n";
$pop_message = "";
$list_packages = "";
$only_headers= ( isset($_POST['headers']) ) ? $_POST['headers'] : "";
if ( $submit == "Search" ) search();
else main();
//echo "
\n";
print $footer;
/////// End
function main()
{
global $pop_message;
global $list_packages;
global $desc;
global $versions;
print "Linux From Scratch Security Advisories
\n";
print "
HTML;
if ( strlen($pop_message) > 0 ) DisplayErrorMessage( $pop_message );
if ( strlen($list_packages) > 0 )
printf( "%s
", $list_packages );
}
function search()
{
main();
global $list_packages;
global $pop_message;
$search_type = $_POST['stype'];
$severity = ( isset($_POST['severity']) ) ? $_POST['severity'] : "";
switch ( $search_type )
{
case "Book":
search_by_book( $severity );
break;
case "package":
search_by_package( $severity );
break;
case "all":
display_all( $severity );
break;
}
if ( strlen($pop_message) > 0 )
DisplayErrorMessage( $pop_message );
else
printf( "%s
", $list_packages );
}
function search_by_book( $severity )
{
global $pop_message;
global $list_packages;
$book = $_POST['book'];
$release = $_POST['release'];
$query = "SELECT id, name, entry_date, severity, description " .
"FROM advisories WHERE " .
"SUBSTRING( id, 4, 4) = '$release'";
if ( $severity != "" )
{
$level = $_POST['level'];
$query .= " AND severity='$level'";
}
$query .= " ORDER BY id DESC, entry_date DESC, name";
$result = query_db( $query );
if ( $result->num_rows == 0 )
{
$pop_message = "No results found.";
return;
}
$list_packages = "\n";
$list_packages .= "| ID |
Package |
DateID |
Severity | \n";
# $severity is reused here
while ( list( $id, $name, $entry_date, $severity, $description ) = $result->fetch_row() )
{
$list_packages .= format_advisory( $name, $id, $entry_date, $severity, $description );
}
$list_packages .= "
|---|
";
}
function search_by_package( $severity )
{
global $pop_message;
global $list_packages;
$pkg = $_POST['package'];
# Add validity check for $pkg
define( "ALPHA", "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" );
define( "DIGIT", "0123456789" );
# Check for valid package/version
$package = $_POST['package'];
# Sanity check for package name
if ( strlen($package) < 2 )
$pop_message .= "Package name is too short.";
else
{
$ok = validate( $package, ALPHA . DIGIT . "-_" );
if ( ! $ok )
{
$pop_message .= "Bad characters in package name '$package'.
";
return;
}
}
$query = "SELECT id, name, entry_date, severity, description " .
"FROM advisories " .
"WHERE name LIKE '%$pkg%' ";
if ( $severity != "" )
{
$level = $_POST['level'];
$query .=" AND severity='$level' ";
}
$query .= "ORDER BY id DESC, entry_date DESC, name";
//print $query;
$result = query_db( $query );
if ( $result->num_rows == 0 )
{
$pop_message = "No results found.";
return;
}
$list_packages = "\n";
$list_packages .= "| ID |
Package |
DateID |
Severity | \n";
# $severity is reused here
while ( list( $id, $name, $entry_date, $severity, $description ) = $result->fetch_row() )
{
$list_packages .= format_advisory( $name, $id, $entry_date, $severity, $description );
}
$list_packages .= "
|---|
";
}
/*
function search_description( $severity )
{
global $pop_message;
global $list_packages;
$search = $_POST['search'];
$query = "SELECT * FROM advisories WHERE " .
"description LIKE '%$search%' ";
if ( $severity != "" )
{
$level = $_POST['level'];
$query .=" AND severity='$level'";
}
$query .= "ORDER BY package, pkg_version DESC";
$result = query_db( $query );
if ( $result->num_rows == 0 )
{
$pop_message = "No results found.";
return;
}
while ( list($entry, $package, $pkg_version, $book, $book_version,
$entry_date, $level, $description) = $result->fetch_row() )
{
# Highlight the search string
$replace = "$search";
# Escape any slashes
$search = preg_replace( "/\//", "\/", $search );
$description = preg_replace( "/$search/", $replace, $description );
$list_packages .= format_advisory( $package, $pkg_version,
$book, $book_version,
$level, $entry_date,
$description );
}
}
*/
function display_all( $severity )
{
global $pop_message;
global $list_packages;
$query = "SELECT id, name, entry_date, severity, description " .
"FROM advisories";
if ( $severity != "" )
{
$level = $_POST['level'];
$query .= " WHERE severity='$level';";
}
$result = query_db( $query );
if ( $result->num_rows == 0 )
{
$pop_message = "No results found.";
return;
}
$list_packages = "\n";
$list_packages .= "| ID |
Package |
DateID |
Severity | \n";
# $severity is reused here
while ( list( $id, $name, $entry_date, $severity, $description ) = $result->fetch_row() )
{
$list_packages .= format_advisory( $name, $id, $entry_date, $severity, $description );
}
$list_packages .= "
|---|
";
}
function format_advisory( $name, $id, $entry_date, $severity, $description )
{
global $list_packages;
global $desc;
$list_packages .=
"| $id |
$name |
$entry_date |
$severity |
\n";
if ( $desc == "true" )
$list_packages .= "| $description |
\n";
}
function validate( $input, $valid )
{
$bytes = str_split( $input );
foreach ( $bytes as $byte )
{
if ( strpos( $valid, $byte ) === false ) return false;
}
return true;
}
?>