diff options
Diffstat (limited to 'controller')
| -rw-r--r-- | controller/itemcontroller.php | 14 | ||||
| -rw-r--r-- | controller/pagecontroller.php | 25 |
2 files changed, 24 insertions, 15 deletions
diff --git a/controller/itemcontroller.php b/controller/itemcontroller.php index bf63bc0b8..7a500a88f 100644 --- a/controller/itemcontroller.php +++ b/controller/itemcontroller.php @@ -56,10 +56,11 @@ class ItemController extends Controller { * @param int $offset * @param bool $showAll * @param bool $oldestFirst + * @param string $search * @return array */ public function index($type, $id, $limit=50, $offset=0, $showAll=null, - $oldestFirst=null) { + $oldestFirst=null, $search='') { // in case this is called directly and not from the website use the // internal state @@ -82,6 +83,15 @@ class ItemController extends Controller { $params = []; + // split search parameter on url space + $search = trim(urldecode($search)); + $search = preg_replace('/\s+/', ' ', $search); // remove multiple ws + if ($search === '') { + $search = []; + } else { + $search = explode(' ', $search); + } + try { // the offset is 0 if the user clicks on a new feed @@ -97,7 +107,7 @@ class ItemController extends Controller { $params['items'] = $this->itemService->findAll( $id, $type, $limit, $offset, $showAll, $oldestFirst, - $this->userId + $this->userId, $search ); // this gets thrown if there are no items diff --git a/controller/pagecontroller.php b/controller/pagecontroller.php index 88e3c9016..5768549c6 100644 --- a/controller/pagecontroller.php +++ b/controller/pagecontroller.php @@ -13,13 +13,14 @@ namespace OCA\News\Controller; -use OCP\AppFramework\Http\TemplateResponse; -use OCP\AppFramework\Http\JSONResponse; use OCP\IRequest; use OCP\IConfig; use OCP\IL10N; use OCP\IURLGenerator; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\TemplateResponse; +use OCP\AppFramework\Http\JSONResponse; +use OCP\AppFramework\Http\ContentSecurityPolicy; use OCA\News\Service\StatusService; use OCA\News\Config\AppConfig; @@ -70,17 +71,15 @@ class PageController extends Controller { 'cronWarning' => $status['warnings']['improperlyConfiguredCron'] ]); - // set csp rules for ownCloud 8.1 - if (class_exists('OCP\AppFramework\Http\ContentSecurityPolicy')) { - $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy(); - $csp->addAllowedImageDomain('*'); - $csp->addAllowedMediaDomain('*'); - $csp->addAllowedFrameDomain('https://youtube.com'); - $csp->addAllowedFrameDomain('https://www.youtube.com'); - $csp->addAllowedFrameDomain('https://player.vimeo.com'); - $csp->addAllowedFrameDomain('https://www.player.vimeo.com'); - $response->setContentSecurityPolicy($csp); - } + $csp = new ContentSecurityPolicy(); + $csp->addAllowedImageDomain('*') + ->addAllowedMediaDomain('*') + ->addAllowedConnectDomain('*') // chrome breaks on audio elements + ->addAllowedFrameDomain('https://youtube.com') + ->addAllowedFrameDomain('https://www.youtube.com') + ->addAllowedFrameDomain('https://player.vimeo.com') + ->addAllowedFrameDomain('https://www.player.vimeo.com'); + $response->setContentSecurityPolicy($csp); return $response; } |