From 18ee415456702b3ce3f913d229818c3219e261b0 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sun, 25 Jun 2000 16:11:47 +0000
Subject: [PATCH] * Bugfixes:    - the stories in the submission queue should
 not be accesible.    - the author-field is redundant due to the public
 moderation.

---
 search.php | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/search.php b/search.php
index a157af8e04de..8228b41620fe 100644
--- a/search.php
+++ b/search.php
@@ -22,16 +22,6 @@
  }
  $output .= "</SELECT>";
 
- ### author:
- $output .= "  <SELECT NAME=\"author\">";
- $result = db_query("SELECT aid FROM authors ORDER BY aid");
- if ($author != "") $output .= " <OPTION VALUE=\"$author\">$author";
- $output .= " <OPTION VALUE=\"\">All authors";
- while(list($authors) = db_fetch_row($result)) {
-   $output .= "   <OPTION VALUE=\"$authors\">$authors";
- }
- $output .= "</SELECT>";
-
  ### order:
  $output .= "<SELECT NAME=\"order\">";
  if ($order == "Oldest first") {
@@ -51,10 +41,8 @@
  $output .= "  <TD>";
    
  ### Compose query:
- $query = "SELECT DISTINCT s.id, s.subject, u.userid, s.timestamp FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id != 0 ";
-     // Note: s.sid is a dummy clause used to enforce the WHERE-tag.
+ $query = "SELECT DISTINCT s.id, s.subject, u.userid, s.timestamp FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 ";
  if ($terms != "") $query .= "AND (s.subject LIKE '%$terms%' OR s.abstract LIKE '%$terms%' OR s.comments LIKE '%$terms%') ";
- if ($author != "") $query .= "AND u.userid = '$author' ";
  if ($category != "") $query .= "AND s.category = '$category' ";
  if ($order == "Oldest first") $query .= " ORDER BY s.timestamp ASC";
  else $query .= " ORDER BY s.timestamp DESC";
-- 
GitLab