PassMark Logo
Home » Forum

Announcement

Collapse
No announcement yet.

This is How: I Limit Results per_page | PHP Code included

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • This is How: I Limit Results per_page | PHP Code included

    What it does.

    Effectively Limits URL manipulation not injection related to the Results Per page
    Returned using Zoom Search.



    Example query.

    http://example.com/search/index.php?zoom_query=dog&zoom_per_page=10

    10 results would be on each page returned. 10 is the default Per_page.

    If the visitors had the knowledge and wanted to He could change the URL to read;

    http://example.com/search/index.php?zoom_query=dog&zoom_per_page=1000
    Causing 1000 results per page to be displayed.

    Lets say for some reason you don't want visitors to ever have more the 35 returned.

    Use the below form to prevent more the 35 results from ever being shown on 1 page.

    #############################################
    NOTE: Changing this is a matter of your personal reasons. THIS IS NOT A BUG. And by not using this
    tool ZOOM will function normal.
    In short there is nothing wrong with Zoom as it is.
    ###############################################

    Save the code below and name it perpage.php
    Place it in the same directory on your server as your Zoom search.php .
    Open your browser and Navigate to the "perpage.php".

    Next, change you URL in your browsers address bar only change search.php to search1.php. Leave the rest as is.
    You should have a page the looks exactly like the search page you were using prior.


    To finalize the change

    Go back to the folder where you earlier placed the "perpage.php".
    Rename search.php to search.phpbak and search1.php to search.php
    All should be normal. Do a search and try changing the URL zoom_per_page= to something greater then 35.

    Regards


    PHP Code:
      <?php
      
    //#######//KILL ERRORS
      
    error_reporting(0);

        
    //#######//Get search.php
       
    $html file_get_contents("search.php");
       
    //#######//  locate Array variables  and Change them
       
    $html str_replace('$per_page = 1;'' $per_page = 1; if ($per_page > 35) $per_page = 35;'$html);
       
    //#######//  Create new file
      
    $fp=fopen("search1.php",'w');
      
    //#######//write new search page
      
    fwrite($fp,$html);
       
    //#######// Close new search page
      
    fclose($fp);
    echo 
    'Done';
       
    ?>
    Note in the above code. "35" can be changed. That is the value for the MAXIMUM amount of results that will return.TO UNDO JUST REPLACE the altered search.php with an original search.php.
    Last edited by z00m user; Apr-26-2010, 05:26 AM.

  • #2
    Just to clarify.
    - This code will only work with the PHP script option (and not the ASP, .NET, CGI nor Javascript options).
    - It really only safe to use this method on a particular release of Zoom. Future and past script releases might invalidate the change, and there is no error checking in your patch script to see when it worked or not.
    - If you are not careful you will end up uploading the orginal version of search.php next time you update your index an overwrite the patch.
    - The use of the word "URL injection" will imply to some people that this is a security issue related to SQL injection. It isn't. We don't use SQL, and this is only about a user interface perference issue.

    Comment


    • #3
      indeed

      "Injection" was just a fancy word Used. It has nothing to do With a Security
      risk with Zoom search. The creators/programmers of Zoom have taken extraordinary steps to insure that Your site search integrates safely.

      Just re-iterate. There is no issue(s) effecting Zoom's security.
      Just re-iterate. There is no issue(s) effecting Zoom's security.



      And "Experimenting" or changing any part of your search script. Is most likely discouraged by the Guys at Wrensoft.
      And if you choose to. Please understand what your are doing.

      Never test on a "Live" search.
      Always have a backup.

      If you screw up the original search.php
      An original can be located by opening up Zoom.exe program.

      Menu
      Tools
      Open "Extras" folder
      Then navigate up 1 folder to
      scripts
      PHP or ASP
      C:\ProgramData\Wrensoft\Zoom Search Engine Indexer\scripts\PHP or ASP


      AS ALWAYS The guys at zoom May help you if you screw up your search index. But they would rather you DID Not change the code.


      I do not Work for Wrensoft.

      USE AT OWN RISK>>>>>>>>>>>
      Last edited by z00m user; Apr-26-2010, 04:43 AM.

      Comment

      Working...
      X