lib/searchlib.php

   1 <?php
   2
   3 // This file is part of Moodle - http://moodle.org/
   4 //
   5 // Moodle is free software: you can redistribute it and/or modify
   6 // it under the terms of the GNU General Public License as published by
   7 // the Free Software Foundation, either version 3 of the License, or
   8 // (at your option) any later version.
   9 //
  10 // Moodle is distributed in the hope that it will be useful,
  11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 // GNU General Public License for more details.
  14 //
  15 // You should have received a copy of the GNU General Public License
  16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  17
  18 /**
  19  * @package    core
  20  * @subpackage search
  21  * @copyright  1999 onwards Martin Dougiamas  {@link http://moodle.com}
  22  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23  */
  24
  25 defined('MOODLE_INTERNAL') || die();
  26
  27 /** @see lexer.php */
  28 require_once($CFG->libdir.'/lexer.php');
  29
  30 /** Constants for the various types of tokens */
  31
  32 define("TOKEN_USER","0");
  33 define("TOKEN_META","1");
  34 define("TOKEN_EXACT","2");
  35 define("TOKEN_NEGATE","3");
  36 define("TOKEN_STRING","4");
  37 define("TOKEN_USERID","5");
  38 define("TOKEN_DATEFROM","6");
  39 define("TOKEN_DATETO","7");
  40 define("TOKEN_INSTANCE","8");
  41
  42 /**
  43  * Class to hold token/value pairs after they're parsed.
  44  *
  45  * @package   moodlecore
  46  * @copyright 1999 onwards Martin Dougiamas  {@link http://moodle.com}
  47  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  48  */
  49 class search_token {
  50   private $value;
  51   private $type;
  52
  53   function search_token($type,$value){
  54     $this->type = $type;
  55     $this->value = $this->sanitize($value);
  56
  57   }
  58
  59   // Try to clean up user input to avoid potential security issues.
  60   // Need to think about this some more.
  61
  62   function sanitize($userstring){
  63     return htmlspecialchars($userstring);
  64   }
  65   function getValue(){
  66     return $this->value;
  67   }
  68   function getType(){
  69     return $this->type;
  70   }
  71 }
  72
  73
  74 /**
  75  * This class does the heavy lifting of lexing the search string into tokens.
  76  * Using a full-blown lexer is probably overkill for this application, but
  77  * might be useful for other tasks.
  78  *
  79  * @package   moodlecore
  80  * @copyright 1999 onwards Martin Dougiamas  {@link http://moodle.com}
  81  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  82  */
  83 class search_lexer extends Lexer{
  84
  85   function search_lexer(&$parser){
  86
  87     // Call parent constructor.
  88     $this->Lexer($parser);
  89
  90     //Set up the state machine and pattern matches for transitions.
  91
  92     // Patterns to handle strings  of the form datefrom:foo
  93
  94     // If we see the string datefrom: while in the base accept state, start
  95     // parsing a username and go to the indatefrom state.
  96     $this->addEntryPattern("datefrom:\S+","accept","indatefrom");
  97
  98     // Snarf everything into the username until we see whitespace, then exit
  99     // back to the base accept state.
 100     $this->addExitPattern("\s","indatefrom");
 101
 102
 103     // Patterns to handle strings  of the form dateto:foo
 104
 105     // If we see the string dateto: while in the base accept state, start
 106     // parsing a username and go to the indateto state.
 107     $this->addEntryPattern("dateto:\S+","accept","indateto");
 108
 109     // Snarf everything into the username until we see whitespace, then exit
 110     // back to the base accept state.
 111     $this->addExitPattern("\s","indateto");
 112
 113
 114     // Patterns to handle strings  of the form instance:foo
 115
 116     // If we see the string instance: while in the base accept state, start
 117     // parsing for instance number and go to the ininstance state.
 118     $this->addEntryPattern("instance:\S+","accept","ininstance");
 119
 120     // Snarf everything into the username until we see whitespace, then exit
 121     // back to the base accept state.
 122     $this->addExitPattern("\s","ininstance");
 123
 124
 125     // Patterns to handle strings  of the form userid:foo
 126
 127     // If we see the string userid: while in the base accept state, start
 128     // parsing a username and go to the inuserid state.
 129     $this->addEntryPattern("userid:\S+","accept","inuserid");
 130
 131     // Snarf everything into the username until we see whitespace, then exit
 132     // back to the base accept state.
 133     $this->addExitPattern("\s","inuserid");
 134
 135
 136     // Patterns to handle strings  of the form user:foo
 137
 138     // If we see the string user: while in the base accept state, start
 139     // parsing a username and go to the inusername state.
 140     $this->addEntryPattern("user:\S+","accept","inusername");
 141
 142     // Snarf everything into the username until we see whitespace, then exit
 143     // back to the base accept state.
 144     $this->addExitPattern("\s","inusername");
 145
 146
 147     // Patterns to handle strings  of the form meta:foo
 148
 149    // If we see the string meta: while in the base accept state, start
 150     // parsing a username and go to the inmeta state.
 151     $this->addEntryPattern("subject:\S+","accept","inmeta");
 152
 153     // Snarf everything into the meta token until we see whitespace, then exit
 154     // back to the base accept state.
 155     $this->addExitPattern("\s","inmeta");
 156
 157
 158     // Patterns to handle required exact match strings (+foo) .
 159
 160     // If we see a + sign  while in the base accept state, start
 161     // parsing an exact match string and enter the inrequired state
 162     $this->addEntryPattern("\+\S+","accept","inrequired");
 163     // When we see white space, exit back to accept state.
 164     $this->addExitPattern("\s","inrequired");
 165
 166     // Handle excluded strings (-foo)
 167
 168    // If we see a - sign  while in the base accept state, start
 169     // parsing an excluded string and enter the inexcluded state
 170     $this->addEntryPattern("\-\S+","accept","inexcluded");
 171     // When we see white space, exit back to accept state.
 172     $this->addExitPattern("\s","inexcluded");
 173
 174
 175     // Patterns to handle quoted strings.
 176
 177     // If we see a quote  while in the base accept state, start
 178     // parsing a quoted string and enter the inquotedstring state.
 179     // Grab everything until we see the closing quote.
 180
 181     $this->addEntryPattern("\"[^\"]+","accept","inquotedstring");
 182
 183     // When we see a closing quote, reenter the base accept state.
 184     $this->addExitPattern("\"","inquotedstring");
 185
 186     // Patterns to handle ordinary, nonquoted words.
 187
 188     // When we see non-whitespace, snarf everything into the nonquoted word
 189     // until we see whitespace again.
 190     $this->addEntryPattern("\S+","accept","plainstring");
 191
 192     // Once we see whitespace, reenter the base accept state.
 193     $this->addExitPattern("\s","plainstring");
 194
 195   }
 196 }
 197
 198
 199
 200 /**
 201  * This class takes care of sticking the proper token type/value pairs into
 202  * the parsed token  array.
 203  * Most functions in this class should only be called by the lexer, the
 204  * one exception being getParseArray() which returns the result.
 205  *
 206  * @package   moodlecore
 207  * @copyright 1999 onwards Martin Dougiamas  {@link http://moodle.com}
 208  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 209  */
 210 class search_parser {
 211     private $tokens;
 212
 213     // This function is called by the code that's interested in the result of the parse operation.
 214     function get_parsed_array(){
 215         return $this->tokens;
 216     }
 217
 218     /*
 219      * Functions below this are part of the state machine for the parse
 220      * operation and should not be called directly.
 221      */
 222
 223     // Base state. No output emitted.
 224     function accept() {
 225         return true;
 226     }
 227
 228     // State for handling datefrom:foo constructs. Potentially emits a token.
 229     function indatefrom($content){
 230         if (strlen($content) < 10) { // State exit or missing parameter.
 231             return true;
 232         }
 233         // Strip off the datefrom: part and add the reminder to the parsed token array
 234         $param = trim(substr($content,9));
 235         $this->tokens[] = new search_token(TOKEN_DATEFROM,$param);
 236         return true;
 237     }
 238
 239     // State for handling dateto:foo constructs. Potentially emits a token.
 240     function indateto($content){
 241         if (strlen($content) < 8) { // State exit or missing parameter.
 242             return true;
 243         }
 244         // Strip off the dateto: part and add the reminder to the parsed token array
 245         $param = trim(substr($content,7));
 246         $this->tokens[] = new search_token(TOKEN_DATETO,$param);
 247         return true;
 248     }
 249
 250     // State for handling instance:foo constructs. Potentially emits a token.
 251     function ininstance($content){
 252         if (strlen($content) < 10) { // State exit or missing parameter.
 253             return true;
 254         }
 255         // Strip off the instance: part and add the reminder to the parsed token array
 256         $param = trim(substr($content,9));
 257         $this->tokens[] = new search_token(TOKEN_INSTANCE,$param);
 258         return true;
 259     }
 260
 261
 262     // State for handling userid:foo constructs. Potentially emits a token.
 263     function inuserid($content){
 264         if (strlen($content) < 8) { // State exit or missing parameter.
 265             return true;
 266         }
 267         // Strip off the userid: part and add the reminder to the parsed token array
 268         $param = trim(substr($content,7));
 269         $this->tokens[] = new search_token(TOKEN_USERID,$param);
 270         return true;
 271     }
 272
 273
 274     // State for handling user:foo constructs. Potentially emits a token.
 275     function inusername($content){
 276         if (strlen($content) < 6) { // State exit or missing parameter.
 277             return true;
 278         }
 279         // Strip off the user: part and add the reminder to the parsed token array
 280         $param = trim(substr($content,5));
 281         $this->tokens[] = new search_token(TOKEN_USER,$param);
 282         return true;
 283     }
 284
 285
 286     // State for handling meta:foo constructs. Potentially emits a token.
 287     function inmeta($content){
 288         if (strlen($content) < 9) { // Missing parameter.
 289             return true;
 290         }
 291         // Strip off the meta: part and add the reminder to the parsed token array.
 292         $param = trim(substr($content,8));
 293         $this->tokens[] = new search_token(TOKEN_META,$param);
 294         return true;
 295     }
 296
 297
 298     // State entered when we've seen a required string (+foo). Potentially
 299     // emits a token.
 300     function inrequired($content){
 301         if (strlen($content) < 2) { // State exit or missing parameter, don't emit.
 302             return true;
 303         }
 304         // Strip off the + sign and add the reminder to the parsed token array.
 305         $this->tokens[] = new search_token(TOKEN_EXACT,substr($content,1));
 306         return true;
 307     }
 308
 309     // State entered when we've seen an excluded string (-foo). Potentially
 310     // emits a token.
 311     function inexcluded($content){
 312         if (strlen($content) < 2) { // State exit or missing parameter.
 313             return true;
 314         }
 315         // Strip off the -sign and add the reminder to the parsed token array.
 316         $this->tokens[] = new search_token(TOKEN_NEGATE,substr($content,1));
 317         return true;
 318     }
 319
 320
 321     // State entered when we've seen a quoted string. Potentially emits a token.
 322     function inquotedstring($content){
 323         if (strlen($content) < 2) { // State exit or missing parameter.
 324             return true;
 325         }
 326         // Strip off the opening quote and add the reminder to the parsed token array.
 327         $this->tokens[] = new search_token(TOKEN_STRING,substr($content,1));
 328         return true;
 329     }
 330
 331     // State entered when we've seen an ordinary, non-quoted word. Potentially
 332     // emits a token.
 333     function plainstring($content){
 334         if (trim($content) === '') { // State exit
 335             return true;
 336         }
 337         // Add the string to the parsed token array.
 338         $this->tokens[] = new search_token(TOKEN_STRING,$content);
 339         return true;
 340     }
 341 }
 342
 343 /**
 344  * Primitive function to generate a SQL string from a parse tree
 345  * using TEXT indexes. If searches aren't suitable to use TEXT
 346  * this function calls the default search_generate_SQL() one.
 347  *
 348  * @deprecated since Moodle 2.9 MDL-48939
 349  * @todo MDL-48940 This will be deleted in Moodle 3.2
 350  * @see search_generate_SQL()
 351  */
 352 function search_generate_text_SQL($parsetree, $datafield, $metafield, $mainidfield, $useridfield,
 353                              $userfirstnamefield, $userlastnamefield, $timefield, $instancefield) {
 354     debugging('search_generate_text_SQL() is deprecated, please use search_generate_SQL() instead.', DEBUG_DEVELOPER);
 355
 356     return search_generate_SQL($parsetree, $datafield, $metafield, $mainidfield, $useridfield,
 357                                $userfirstnamefield, $userlastnamefield, $timefield, $instancefield);
 358 }
 359
 360 /**
 361  * Primitive function to generate a SQL string from a parse tree.
 362  * Parameters:
 363  *
 364  * $parsetree should be a parse tree generated by a
 365  * search_lexer/search_parser combination.
 366  * Other fields are database table names to search.
 367  *
 368  * @global object
 369  * @global object
 370  */
 371 function search_generate_SQL($parsetree, $datafield, $metafield, $mainidfield, $useridfield,
 372                              $userfirstnamefield, $userlastnamefield, $timefield, $instancefield) {
 373     global $CFG, $DB;
 374     static $p = 0;
 375
 376     if ($DB->sql_regex_supported()) {
 377         $REGEXP    = $DB->sql_regex(true);
 378         $NOTREGEXP = $DB->sql_regex(false);
 379     }
 380
 381     $params = array();
 382
 383     $ntokens = count($parsetree);
 384     if ($ntokens == 0) {
 385         return "";
 386     }
 387
 388     $SQLString = '';
 389
 390     for ($i=0; $i<$ntokens; $i++){
 391         if ($i > 0) {// We have more than one clause, need to tack on AND
 392             $SQLString .= ' AND ';
 393         }
 394
 395         $type = $parsetree[$i]->getType();
 396         $value = $parsetree[$i]->getValue();
 397
 398     /// Under Oracle and MSSQL, transform TOKEN searches into STRING searches and trim +- chars
 399         if (!$DB->sql_regex_supported()) {
 400             $value = trim($value, '+-');
 401             if ($type == TOKEN_EXACT) {
 402                 $type = TOKEN_STRING;
 403             }
 404         }
 405
 406         $name1 = 'sq'.$p++;
 407         $name2 = 'sq'.$p++;
 408
 409         switch($type){
 410             case TOKEN_STRING:
 411                 $SQLString .= "((".$DB->sql_like($datafield, ":$name1", false).") OR (".$DB->sql_like($metafield, ":$name2", false)."))";
 412                 $params[$name1] =  "%$value%";
 413                 $params[$name2] =  "%$value%";
 414                 break;
 415             case TOKEN_EXACT:
 416                 $SQLString .= "(($datafield $REGEXP :$name1) OR ($metafield $REGEXP :$name2))";
 417                 $params[$name1] =  "[[:<:]]".$value."[[:>:]]";
 418                 $params[$name2] =  "[[:<:]]".$value."[[:>:]]";
 419                 break;
 420             case TOKEN_META:
 421                 if ($metafield != '') {
 422                     $SQLString .= "(".$DB->sql_like($metafield, ":$name1", false).")";
 423                     $params[$name1] =  "%$value%";
 424                 }
 425                 break;
 426             case TOKEN_USER:
 427                 $SQLString .= "(($mainidfield = $useridfield) AND ((".$DB->sql_like($userfirstnamefield, ":$name1", false).") OR (".$DB->sql_like($userlastnamefield, ":$name2", false).")))";
 428                 $params[$name1] =  "%$value%";
 429                 $params[$name2] =  "%$value%";
 430                 break;
 431             case TOKEN_USERID:
 432                 $SQLString .= "($useridfield = :$name1)";
 433                 $params[$name1] =  $value;
 434                 break;
 435             case TOKEN_INSTANCE:
 436                 $SQLString .= "($instancefield = :$name1)";
 437                 $params[$name1] =  $value;
 438                 break;
 439             case TOKEN_DATETO:
 440                 $SQLString .= "($timefield <= :$name1)";
 441                 $params[$name1] =  $value;
 442                 break;
 443             case TOKEN_DATEFROM:
 444                 $SQLString .= "($timefield >= :$name1)";
 445                 $params[$name1] =  $value;
 446                 break;
 447             case TOKEN_NEGATE:
 448                 $SQLString .= "(NOT ((".$DB->sql_like($datafield, ":$name1", false).") OR (".$DB->sql_like($metafield, ":$name2", false).")))";
 449                 $params[$name1] =  "%$value%";
 450                 $params[$name2] =  "%$value%";
 451                 break;
 452             default:
 453                 return '';
 454
 455         }
 456     }
 457     return array($SQLString, $params);
 458 }