Goal: In vB search results, to include posts that "quotes" the user when that user name is search keyword.
In a post body, it looks like [QUOTE="username"] and vB seems not searching inside the BB code.
How can I do that?
Thanks
When vBulletin does a search by username, it ends up doing a database query like this:
SELECT ... FROM post WHERE username = 'username'
Find that query (it's in search.php) and change it to something like this:
SELECT ... FROM post WHERE username = 'username' OR pagetext LIKE '%[QUOTE=username%'
You'll probably need a bunch of tweaks and testing to get it right, but that should get you closer to a solution.
N.B. Be sure to sanitize the username. Usernames are not safe to insert into SQL directly!
Related
I have a problem with my app.
Im trying to set filters working, so im using mongoose find method.
I have something like that:
Campsite
.find({
name: req.query.name,
country: req.query.country
})
How i can force my query to check if user gave all the data?
For example i want user to search only by name and get results, search only by country and get results and search by both queries and also get result by combining both of values
Right now the code above works like that:
When user types name and leaves empty country it wont find anything because it kinda sends an empty country even if its disabled as an input and when i remove country property from my query and user search for the name he gets correct results.
How i can fix that?
I am trying to search for only folders with specific name, so I am using search and filter parameters. According to this search docs the search query should look like this:
GET /drive/root/search(q='vacation')
But if I want to add filter then according to this filter docs I should add filter=folder ne null but problem is how do I add It to original string ? In filter docs there is example of request
GET /drive/root/search?q=vacation&filter=image%20ne%20null%20and%20file%20ne%20null
which uses different syntax then example from search docs, and If I try to change It to my use like this
GET /drive/root/search?q=folderName&filter=folder ne null then I get 400 bad request reponse. So how can I search for specific item that is only folder ? thanks.
I wish I could comment, all you need to do is UrlEncode your parameters, quoting from the search doc.
Note: Samples omit proper URL encoding for readability. Actual filter syntax usage must be URL encoded.
For filter=folder ne null
This is what you should do append to url
filter%3Dfolder+ne+null
I have noticed in Geddy that when I create a model and a subsequent record for that model, I get a very ugly model ID associated with the record. Something like:
http://localhost:4000/posts/3FEEDE8D-2669-445B-AEA1-A31092A7FEDA
Is there a way to change this?
Ideally, I would always want this to be some sort of string. Where it be for a post or user:
http://localhost:4000/posts/this-is-a-post-title
http://localhost:4000/profile/meebix
If this is possible, how should I:
Configure routes
Change primary key for model
Other implementation steps I may need
Thanks!
Yes, you can change the id if you really want to, but you'll be going off the beaten path there, so it's quite a bad idea. Let Geddy handle IDs for you.
The way I would do this (and certainly how many others have too) is to have a "slugging" function create a slug from the post title, and save that in your database. Then, query on that instead in your show action. You won't have to change your routes.
This is what your query will look like in the show action:
Post.first({slug: params.id}, function (err, post) {
params.id is whatever string you use in the route /posts/<this string>
So once you change your show links to use the slug instead of the ID you will be all set!
I'm learning couchapp and it looks pretty easy to query database items.
But I have items with attachments, and I'd like to add hyperlinks to the attachments:
{{description}}
I can get id, attachment and description setup properly, but how do I get the current database name (or URL) from within a couchapp javascript function?
If you don't want to use relative urls, you can fetch the db name in following way:
var dbname = unescape(document.location.href).split('/')[2]
since your href looks like: http://host:port/dbname/doc...
This is also the code jquery.couch.app.js uses. So if you are using it, it's available for you in initialization code:
$.couch.app(function(app) { alert(app.db.name); });
I want to limit access to username+password table to one query pattern like:
SELECT count(id) AS auth_result
FROM user
WHERE username = '%s'
AND password = SHA1('%s')
(this query doesn't pretend to be working from the point of injection vulnerability, just an example)
Is that possible? or am I missing some different approach?
You can revoke all access to user table from all users except the owner, and create a view with like this:
create view auth_view as
select id, username, sha1(password) as sha1pass
from user;
Then your query will look like:
select count(id)
from auth_view
where username = '%s'
and sha1pass = sha1('%s')
Other possibility might be using PostgreSQL's rule system to rewrite or avoid certain king of queries on user table. But I am not sure what you are trying to do here.
I don't know whether what you plan is good or not but it should be possible with rewrite rules. Never played with it though.
I would suggest you write a function, and make it SECURITY DEFINER. See for example http://www.hagander.net/talks/hidden%20gems%20of%20postgresql.pdf, pages 28-36.