X-Git-Url: https://git.cweiske.de/grauphel.git/blobdiff_plain/8ee6bfe97633d31c6b89cebbc434837eca04d6dd..0c9b45d210a5d94b3ba219e32b73233a5a795f61:/lib/notestorage.php

diff --git a/lib/notestorage.php b/lib/notestorage.php
index 7ecf049..6802e2f 100644
--- a/lib/notestorage.php
+++ b/lib/notestorage.php
@@ -246,9 +246,13 @@ class NoteStorage
     }
 
     /**
-     * Load a GUID of a note by the note title
+     * Load a GUID of a note by the note title.
      *
-     * @param string  $title Note title
+     * The note title is stored html-escaped in the database because we
+     * get it that way from tomboy. Thus we have to escape the search
+     * input, too.
+     *
+     * @param string $title Note title.
      *
      * @return string GUID, NULL if note could not be found
      */
@@ -257,7 +261,7 @@ class NoteStorage
         $row = \OC_DB::executeAudited(
             'SELECT note_guid FROM `*PREFIX*grauphel_notes`'
             . ' WHERE `note_user` = ? AND `note_title` = ?',
-            array($this->username, $title)
+            array($this->username, htmlspecialchars($title))
         )->fetchRow();
 
         if ($row === false) {
@@ -267,6 +271,52 @@ class NoteStorage
         return $row['note_guid'];
     }
 
+    /**
+     * Search for a note
+     *
+     * @param array $keywords arrays of query strings within keys AND and NOT
+     *
+     * @return array Database rows with note_guid and note_title
+     */
+    public function search($keywordGroups)
+    {
+        if (!isset($keywordGroups['AND'])) {
+            $keywordGroups['AND'] = array();
+        }
+        if (!isset($keywordGroups['NOT'])) {
+            $keywordGroups['NOT'] = array();
+        }
+
+        $sqlTplAnd = ' AND (note_title LIKE ? OR note_tags LIKE ? OR note_content LIKE ?)';
+        $sqlTplNot = ' AND NOT (note_title LIKE ? OR note_tags LIKE ? OR note_content LIKE ?)';
+        $arData = array(
+            $this->username
+        );
+        foreach (array('AND', 'NOT') as $group) {
+            $keywords = $keywordGroups[$group];
+            foreach ($keywords as $keyword) {
+                $arData[] = '%' . $keyword . '%';//title
+                $arData[] = '%' . $keyword . '%';//tags
+                $arData[] = '%' . $keyword . '%';//content
+            }
+        }
+
+        $result = \OC_DB::executeAudited(
+            'SELECT `note_guid`, `note_title`'
+            . ' FROM `*PREFIX*grauphel_notes`'
+            . ' WHERE note_user = ?'
+            . str_repeat($sqlTplAnd, count($keywordGroups['AND']))
+            . str_repeat($sqlTplNot, count($keywordGroups['NOT'])),
+            $arData
+        );
+
+        $notes = array();
+        while ($row = $result->fetchRow()) {
+            $notes[] = $row;
+        }
+        return $notes;
+    }
+
     /**
      * Save a note into storage.
      *