Help with Directory Search / case sensitivity

[tgq]

Hi there. I'm really not very savvy to PHP, but I was assigned maintaining a staff website that partially uses PHP.

 

I was asked to make a search function on the site. I tried copy/pasting the code for a search button that was on another portion of the site. It works okay, but I can't figure out how to make it ignore case when searching. I've figured out how to change whether it automatically corrects case, but that doesn't help as not all the files have the same case.

 

Here's the code that we have on there:

 

        <?php
$bResults = false;
$search = $_POST['search'];
$searchChunks = explode(" ", $search);
for($i = 0; $i < count($searchChunks); $i++)



foreach (glob("{*/*$searchChunks[$i]*.pdf,*/*/*$searchChunks[$i]*.pdf,*/*$searchChunks[$i]*.docx,*/*/*$searchChunks[$i]*.docx}", GLOB_BRACE) as $filename)
{
echo "<a href=\"".$filename."\">".$filename."</a><p>";
$bResults = true;
}

if (!$bResults)
{
printf("No matches for search criteria '%s'.\n", $search);
}
?>

[Jacques1]

The code lets anybody search the entire disk for documents, including the ones which you definitely don't want to see on the Internet. That's not very clever. Even if nobody cares about the website, they will care about major data leaks.

 

So don't be naive. Inserting raw user input into file paths is the last thing you should do. If there aren't too many files, just iterate over all documents in the specific subfolders (with a fixed pattern) and compare the file names with the user-provided search term. This also fixes the problem of case sensitivity, because you can use any comparison method you want.