11-16-2003, 05:32 PM
i just install phpdig 1.6.3 and have some HTML errors with phpdigHighlight

how i fix it (search_function.php)

303: $extract .= ' ...'.phpdigHighlight($reg_strings,phpdigHighlight($reg_strings,str_replace( '<','&lt;',str_replace('>','&gt;',trim($extract_content))))).'... ';

change to

$extract .= ' ...'.phpdigHighlight($reg_strings,str_replace('<','&lt;',str_replace('>','&gt;',trim($extract_content)))).'... ';

string 313 change to
$title = phpdigHighlight($reg_strings,$title);

11-16-2003, 05:59 PM
Hi. That won't quite fix it. Please see this (http://www.phpdig.net/showthread.php?threadid=218) thread or wait about 24 hours for PhpDig version 1.6.4 to be released. ;)

11-16-2003, 06:03 PM
i also made TITLE modification

392(search_function.php): $title_message = phpdigMsg('s_results');
change to
$title_message = "My Site TITLE : ".strip_tags($query_string);

also on search.php you should remove all HTML, JavaScript and etc TAGS from query_string
simple solution :

phpdigSearch($id_connect, strip_tags($query_string), $option, $refine,
$refine_url, $lim_start, $limite, $browse,
$site, $path, $relative_script_path, $template);

for example http://www.phpdig.net/demo/search.php?template_demo=&site=&path=&result_page=search.php&query_string=%3CH1%3Etest&search=Go...&limite=10&option=start

11-16-2003, 06:46 PM
Hi. Thanks for the display fix, but it might be better to do it like below due to SGML specifications, but of course TIMTOWTDI (there is more than one way to do it). The display problem in version 1.6.3 did not let such tags pass to database queries.

In search_functoin.php find:

$result_message = stripslashes(ucfirst(phpdigMsg('results'))." $n_start-$n_end, $num_tot ".phpdigMsg('total').", ".phpdigMsg('on')." \"$query_string\" ($search_time ".phpdigMsg('seconds').")");

and replace with:

$result_message = stripslashes(ucfirst(phpdigMsg('results'))." $n_start-$n_end, $num_tot ".phpdigMsg('total').", ".phpdigMsg('on')." \"".htmlspecialchars($query_string)."\" ($search_time ".phpdigMsg('seconds').")");

Remember to remove any "word" wrapping in the above code. ;)