1 files changed, 71 insertions, 17 deletions

diff --git a/lib/classes/StudipSemSearchHelper.php b/lib/classes/StudipSemSearchHelper.php
index 172c845..754b650 100644
--- a/lib/classes/StudipSemSearchHelper.php
+++ b/lib/classes/StudipSemSearchHelper.php
@@ -53,14 +53,14 @@ class StudipSemSearchHelper {
 
     public function setParams($params, $visible_only = null)
     {
-        if(isset($params['quick_search']) && isset($params['qs_choose'])){
-            if($params['qs_choose'] == 'all'){
-                foreach (self::GetQuickSearchFields() as $key => $value){
+        if (isset($params['quick_search'], $params['qs_choose'])) {
+            if ($params['qs_choose'] === 'all'){
+                foreach (self::GetQuickSearchFields() as $key => $value) {
                     $params[$key] = $this->trim($params['quick_search']);
                 }
                 $params['combination'] = 'OR';
-            } elseif($params['qs_choose'] == 'title_lecturer_number') {
-                foreach (explode('_', 'title_lecturer_number') as $key){
+            } elseif ($params['qs_choose'] == 'title_lecturer_number') {
+                foreach (explode('_', 'title_lecturer_number') as $key) {
                     $params[$key] = $this->trim($params['quick_search']);
                 }
                 $params['combination'] = 'OR';
@@ -68,7 +68,11 @@ class StudipSemSearchHelper {
                 $params[$params['qs_choose']] = $this->trim($params['quick_search']);
             }
         }
-        if(!isset($params['combination'])) $params['combination'] = 'AND';
+
+        if (!isset($params['combination'])) {
+            $params['combination'] = 'AND';
+        }
+
         $this->params = $params;
         $this->visible_only = $visible_only;
     }
@@ -78,7 +82,6 @@ class StudipSemSearchHelper {
         if (count($this->params) === 0) {
             return false;
         }
-        $this->params = array_map('addslashes', $this->params);
 
         $db = DBManager::get();
         $join_sql   = [];
@@ -164,16 +167,7 @@ class StudipSemSearchHelper {
             $sql_params['institute_ids'] = $institute_ids;
         }
 
-        if (isset($this->params['lecturer']) && mb_strlen($this->params['lecturer']) > 2) {
-            //Search for lecturers:
-            $join_sql[] = "JOIN `seminar_user` USING (`seminar_id`)";
-            $join_sql[] = "JOIN `auth_user_md5` USING (`user_id`)";
-            $where_sql[] = "(
-                CONCAT(`auth_user_md5`.`Nachname`, ', ', `auth_user_md5`.`Vorname`, ' ', `auth_user_md5`.`Nachname`) LIKE CONCAT('%', :lecturer_name, '%')
-                OR `auth_user_md5`.`username` LIKE CONCAT('%', :lecturer_name, '%')
-                )";
-            $sql_params['lecturer_name'] = $this->params['lecturer'];
-        }
+        $this->getSearchCondition($where_sql, $join_sql, $sql_params);
 
         $query = sprintf(
             'SELECT DISTINCT `seminar_id` FROM `seminare` %s WHERE %s',
@@ -193,4 +187,64 @@ class StudipSemSearchHelper {
         $what = preg_replace("/^\x{00A0}+|\x{00A0}+$/Su", '', $what);
         return $what;
     }
+
+    private function hasSearchParam(string $key): bool
+    {
+        return isset($this->params[$key])
+            && mb_strlen($this->params[$key]) > 2;
+    }
+
+    private function getSearchCondition(
+        array &$where_sql,
+        array &$join_sql,
+        array &$sql_params
+    ): void {
+        $conditions = [];
+
+        if ($this->hasSearchParam('lecturer')) {
+            //Search for lecturers:
+            $join_sql[] = "JOIN `seminar_user` USING (`seminar_id`)";
+            $join_sql[] = "JOIN `auth_user_md5` USING (`user_id`)";
+
+            $conditions[] = "(
+                CONCAT(`auth_user_md5`.`Nachname`, ', ', `auth_user_md5`.`Vorname`, ' ', `auth_user_md5`.`Nachname`) LIKE CONCAT('%', :lecturer_name, '%')
+                OR `auth_user_md5`.`username` LIKE CONCAT('%', :lecturer_name, '%')
+                )";
+            $sql_params['lecturer_name'] = $this->params['lecturer'];
+        }
+
+        if ($this->hasSearchParam('number')) {
+            $conditions[] = "`seminare`.`VeranstaltungsNummer` LIKE CONCAT('%', :number, '%')";
+            $sql_params['number'] = $this->params['number'];
+        }
+
+        if ($this->hasSearchParam('title')) {
+            $terms = explode(' ', $this->params['title']);
+            $terms = array_map('trim', $terms);
+            $terms = array_filter($terms);
+            $terms = array_unique($terms);
+
+            $chunks = [];
+            foreach ($terms as $index => $term) {
+                $chunks[] = "`seminare`.`Name` LIKE CONCAT('%', :title{$index}, '%')";
+                $sql_params['title' . $index] = $term;
+            }
+
+            $conditions[] = '(' . implode(' AND ', $chunks) . ')';
+        }
+
+        if ($this->hasSearchParam('sub_title')) {
+            $conditions[] = "`seminare`.`Untertitel` LIKE CONCAT('%', :sub_title, '%')";
+            $sql_params['sub_title'] = $this->params['sub_title'];
+        }
+
+        if ($this->hasSearchParam('comment')) {
+            $conditions[] = "`seminare`.`Beschreibung` LIKE CONCAT('%', :description, '%')";
+            $sql_params['description'] = $this->params['comment'];
+        }
+
+        if (count($conditions) > 0) {
+            $where_sql[] = '(' . implode(' ' . $this->params['combination'] . ' ', $conditions) . ')';
+        }
+    }
 }