don't trust words from word table to be sanatized
index 33b02d2b1f344eba920669f6ef8d29383def0e78..58bc3bfc1a2cf64d2528a7b5b5511d3dcfa27c61 100644 (file)
@@ -368,7 +368,7 @@ class Geocode
         $this->aAddressRankList = array();
 
         $this->aStructuredQuery = array();
-        $this->sAllowedTypesSQLList = False;
+        $this->sAllowedTypesSQLList = false;
 
         $this->loadStructuredAddressElement($sAmenity, 'amenity', 26, 30, false);
         $this->loadStructuredAddressElement($sStreet, 'street', 26, 30, false);
@@ -413,8 +413,7 @@ class Geocode
         if (sizeof($aPlaceIDs) == 0) return array();
 
         $sLanguagePrefArraySQL = getArraySQL(
-            array_map("getDBQuoted",
-            $this->aLangPrefOrder)
+            array_map("getDBQuoted", $this->aLangPrefOrder)
         );
 
         // Get the details for display (is this a redundant extra step?)
@@ -741,12 +740,15 @@ class Geocode
 
                         // If the token is valid
                         if (isset($aValidTokens[' '.$sToken])) {
-                            // Recheck if the original word shows up in the query.
-                            $bWordInQuery = false;
-                            if (isset($aSearchTerm['word']) && $aSearchTerm['word']) {
-                                $bWordInQuery = $this->normTerm($aSearchTerm['word']) !== false;
-                            }
                             foreach ($aValidTokens[' '.$sToken] as $aSearchTerm) {
+                                // Recheck if the original word shows up in the query.
+                                $bWordInQuery = false;
+                                if (isset($aSearchTerm['word']) && $aSearchTerm['word']) {
+                                    $bWordInQuery = strpos(
+                                        $sNormQuery,
+                                        $this->normTerm($aSearchTerm['word'])
+                                    ) !== false;
+                                }
                                 $aNewSearches = $oCurrentSearch->extendWithFullTerm(
                                     $aSearchTerm,
                                     $bWordInQuery,
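Review bot: The new `$bWordInQuery` computation on the added lines passes the result of `normTerm()` straight into `strpos()` without checking it first; the removed code's `!== false` comparison suggests `normTerm()` can return `false`, and a `false` or empty needle makes `strpos()` return `0` on PHP 8 (an "Empty needle" warning and `false` on older versions), so a word that cannot be normalised would count as present in the query, or behave differently across PHP versions. Capture the normalised word before matching: `$sNormWord = $this->normTerm($aSearchTerm['word']);` followed by `$bWordInQuery = $sNormWord !== false && $sNormWord !== '' && strpos($sNormQuery, $sNormWord) !== false;`. Moving the recheck inside the foreach correctly ties it to the current `$aSearchTerm`, but `$sNormQuery` is not assigned anywhere in this hunk (the only visible assignment is in the later hunk around line 890), so confirm it is actually in scope in this method, whose body starts and ends outside the hunk.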
@@ -786,7 +788,6 @@ class Geocode
                                         $aNewWordsetSearches[] = $oSearch;
                                     }
                                 }
-
                             }
                         }
                     }
@@ -889,8 +890,7 @@ class Geocode
 
         $sNormQuery = $this->normTerm($this->sQuery);
         $sLanguagePrefArraySQL = getArraySQL(
-            array_map("getDBQuoted",
-            $this->aLangPrefOrder)
+            array_map("getDBQuoted", $this->aLangPrefOrder)
         );
         $sCountryCodesSQL = false;
         if ($this->aCountryCodes) {
@@ -1180,7 +1180,7 @@ class Geocode
                         );
                     } elseif ($oSearch->isOperator(Operator::POSTCODE)) {
                         $aPlaceIDs = $oSearch->queryPostcode(
-                            $oDB,
+                            $this->oDB,
                             $sCountryCodesSQL,
                             $this->iLimit
                         );