osm-search/Nominatim
1
1
Fork 0
mirror of https://github.com/osm-search/Nominatim.git synced 2024-12-26 22:44:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

don't trust words from word table to be sanatized

Browse Source
This commit is contained in:
Sarah Hoffmann 2017-10-08 17:36:38 +02:00
parent 4bff2814a9
commit 614a6ab861
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/SearchDescription.php
View File

@ -201,7 +201,9 @@ class SearchDescription
// We need to try the case where the postal code is the primary element // We need to try the case where the postal code is the primary element
// (i.e. no way to tell if it is (postalcode, city) OR (city, postalcode) // (i.e. no way to tell if it is (postalcode, city) OR (city, postalcode)
// so try both. // so try both.
if (!$this->sPostcode && $bWordInQuery) { if (!$this->sPostcode && $bWordInQuery
&& pg_escape_string($aSearchTerm['word']) == $aSearchTerm['word']
) {
// If we have structured search or this is the first term, // If we have structured search or this is the first term,
// make the postcode the primary search element. // make the postcode the primary search element.
if ($this->iOperator == Operator::NONE if ($this->iOperator == Operator::NONE
@ -239,6 +241,9 @@ class SearchDescription
if (preg_match_all("/[^0-9]/", $oSearch->sHouseNumber, $aMatches) > 2) { if (preg_match_all("/[^0-9]/", $oSearch->sHouseNumber, $aMatches) > 2) {
$oSearch->iSearchRank++; $oSearch->iSearchRank++;
} }
if (!isset($aSearchTerm['word_id'])) {
$oSearch->iSearchRank++;
}
// also must not appear in the middle of the address // also must not appear in the middle of the address
if (sizeof($this->aAddress) || sizeof($this->aAddressNonSearch)) { if (sizeof($this->aAddress) || sizeof($this->aAddressNonSearch)) {
$oSearch->iSearchRank++; $oSearch->iSearchRank++;
@ -446,7 +451,7 @@ class SearchDescription
$sSQL .= 'WHERE '; $sSQL .= 'WHERE ';
} }
$sSQL .= "p.postcode = '".pg_escape_string(reset($this->aName))."'"; $sSQL .= "p.postcode = '".reset($this->aName)."'";
$sCountryTerm = $this->countryCodeSQL('p.country_code', $sCountryList); $sCountryTerm = $this->countryCodeSQL('p.country_code', $sCountryList);
if ($sCountryTerm) { if ($sCountryTerm) {
$sSQL .= ' AND '.$sCountryTerm; $sSQL .= ' AND '.$sCountryTerm;