Update search.php

Security: Used htmlspecialchars to safely output user input and prevent XSS attacks.
Code Organization: Added comments and improved readability by spacing and aligning code logically.
Error Handling: Ensured that missing expected parameters fall back to defaults gracefully.
Use of Ternary Operator: Simplified setting the title based on query presence.
Function Clarity: Clarified the purpose of functions and variables.
This commit is contained in:
Cristian Cezar Moisés 2025-01-27 19:19:20 +00:00 committed by GitHub
parent a01f9e3617
commit 0ce3798139
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -1,41 +1,31 @@
<?php require "misc/header.php"; ?>
<title>
<?php
$query = htmlspecialchars(trim($_REQUEST["q"]));
echo $query;
$query = htmlspecialchars(trim($_REQUEST["q"] ?? ''));
echo $query ?: 'Search' . ' - Binternet';
?> - Binternet</title>
</head>
<body>
<form class="search-container" method="get" autocomplete="off">
<h1><a class="no-decoration accent" href="./">Binternet</a></h1>
<input type="text" name="q" placeholder="Search Image"
<?php
$query_encoded = urlencode($query);
if (1 > strlen($query) || strlen($query) > 64) {
header("Location: ./");
die();
}
echo "value=\"$query\"";
?>
>
<!-- <div></div> -->
</form>
<body>
<form class="search-container" method="get" autocomplete="off">
<h1><a class="no-decoration accent" href="./">Binternet</a></h1>
<input type="text" name="q" placeholder="Search Image"
<?php
// Validate query length
if (strlen($query) < 1 || strlen($query) > 64) {
header("Location: ./");
exit();
}
echo "value=\"" . htmlspecialchars($query) . "\"";
?>
>
</form>
<?php
$query = $_GET["q"];
$bookmark = null;
if (array_key_exists("bookmark", $_GET)) {
$bookmark = urldecode($_GET["bookmark"]);
}
$csrftoken = null;
if (array_key_exists("csrftoken", $_GET)) {
$csrftoken = $_GET["csrftoken"];
}
// Fetching query and optional parameters
$bookmark = $_GET["bookmark"] ?? null;
$csrftoken = $_GET["csrftoken"] ?? null;
// Pinterest API endpoint
$url = "https://www.pinterest.com/resource/BaseSearchResource/get/";
class SearchResult
@ -44,112 +34,86 @@ class SearchResult
public $bookmark;
}
$header_function = function ($ch, $rawheader) {
global $csrftoken;
$len = strlen($rawheader);
$header = explode(":", $rawheader, 2);
if (count($header) != 2) {
return $len;
// Header function to capture CSRF token from response
$header_function = function ($ch, $rawheader) use (&$csrftoken) {
if (preg_match('/^set-cookie:\s*csrftoken=([^;]*)/', $rawheader, $matches)) {
$csrftoken = $matches[1];
}
// we are only interested in set-cookie header
if (trim($header[0]) != "set-cookie") {
return $len;
}
$cookie = explode(";", trim($header[1]), 2);
$cookie = explode("=", $cookie[0], 2);
switch ($cookie[0]) {
case "csrftoken":
$csrftoken = $cookie[1];
}
return $len;
return strlen($rawheader);
};
$prepare_search_curl_obj = function ($query, $bookmark) use (
$url,
$header_function,
$csrftoken
) {
// Prepare CURL object for search request
$prepare_search_curl_obj = function ($query, $bookmark) use ($url, $header_function, $csrftoken) {
$data_param_obj = [
"options" => [
"query" => $query,
],
];
if ($bookmark != null) {
if ($bookmark !== null) {
$data_param_obj["options"]["bookmarks"] = [$bookmark];
}
$data_param = urlencode(json_encode($data_param_obj));
$headers = [];
if ($csrftoken != null) {
if ($csrftoken !== null) {
$headers[] = "x-csrftoken: $csrftoken";
$headers[] = "cookie: csrftoken=$csrftoken";
}
$finalurl = $url;
if ($bookmark == null) {
$finalurl = "$url?data=$data_param";
}
$finalurl = $bookmark === null ? "$url?data=$data_param" : $url;
$ch = curl_init($finalurl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, $header_function);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
if ($bookmark != null) {
if ($bookmark !== null) {
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, "data=$data_param");
}
return $ch;
};
// Function to perform the search and display results
$search = function ($query, $bookmark) use ($prepare_search_curl_obj) {
$ch = $prepare_search_curl_obj($query, $bookmark);
$response = curl_exec($ch);
$data = json_decode($response);
$images = [];
echo "<div class=img-container>";
if (
$data &&
property_exists($data, "resource_response") &&
property_exists($data->{"resource_response"}, "data") &&
property_exists($data->{"resource_response"}->{"data"}, "results")
) {
foreach (
$data->{"resource_response"}->{"data"}->{"results"}
as $result
) {
$image = $result->{"images"}->{"orig"};
$url = $image->{"url"};
array_push($images, $url);
echo "<a class=img-result href='/image_proxy.php?url=", $url, "'>";
echo "<img loading='lazy' src='/image_proxy.php?url=",
$url,
"'></a>";
echo "<div class='img-container'>";
if ($data && isset($data->resource_response->data->results)) {
foreach ($data->resource_response->data->results as $result) {
$image = $result->images->orig;
$url = $image->url;
$images[] = $url;
echo "<a class='img-result' href='/image_proxy.php?url=" . htmlspecialchars($url) . "'>";
echo "<img loading='lazy' src='/image_proxy.php?url=" . htmlspecialchars($url) . "'></a>";
}
} else {
echo "<p>No results found.</p>";
}
echo "</div>";
$result = new SearchResult();
$result->images = $images;
if (
$data &&
property_exists($data, "resource_response") &&
property_exists($data->{"resource_response"}, "bookmark")
) {
$result->bookmark = $data->{"resource_response"}->{"bookmark"};
if (isset($data->resource_response->bookmark)) {
$result->bookmark = $data->resource_response->bookmark;
}
return $result;
};
$result = $search($query, $bookmark);
if ($result->bookmark != null) {
// Pagination link for the next page
if ($result->bookmark !== null) {
$query_encoded = urlencode($query);
$bookmark_encoded = urlencode($result->bookmark);
$csrftoken_encoded = $csrftoken ? urlencode($csrftoken) : "";
@ -158,6 +122,4 @@ if ($result->bookmark != null) {
}
include "misc/footer.php";
?>
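Review bot: With the old `$query = $_GET["q"];` reassignment gone from the second `<?php` block, the HTML-escaped `$query` built in the `<title>` block is now what reaches `$search($query, $bookmark)` and the Pinterest request, so a term like `cats & dogs` is sent upstream as `cats &amp; dogs`, and the same value is escaped a second time in `echo "value=\"" . htmlspecialchars($query) . "\"";`, which renders literal `&amp;` in the input box. Keep the raw value in `$query` and escape only at the output points: `$query = trim($_REQUEST["q"] ?? '');` followed by `$query_html = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, then use `$query_html` in the title and in the input's `value` attribute, so the `strlen` length check also runs on the unescaped text rather than on entity-expanded bytes. The title line additionally doubles the suffix when the query is empty, because `$query ?: 'Search' . ' - Binternet'` binds the concatenation to the fallback while the ` - Binternet` after `?>` is printed regardless; `echo $query_html !== '' ? $query_html : 'Search';` fixes that. Separately, `$csrftoken` is taken straight from `$_GET` into the outgoing `x-csrftoken` and `cookie` request headers in `$prepare_search_curl_obj`; validating it against the token's expected character set (e.g. a `preg_match('/^[A-Za-z0-9]+$/', ...)` check, pattern to be confirmed against real tokens) before building those headers would be a cheap hardening.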