From 5e005fe5477932cb2f2ae3b8eec99cbe8ba57cab Mon Sep 17 00:00:00 2001
From: tuxce <tuxce.net@gmail.com>
Date: Mon, 1 Nov 2010 21:18:17 +0100
Subject: [PATCH] AurJSON: enable multiple arguments for "info" method.

---
 web/lib/aurjson.class.php |   53 ++++++++++++++++++++++++++------------------
 1 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index a5b3f9e..9ce51db 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -121,38 +121,47 @@ class AurJSON {
      * @return mixed Returns an array of value data containing the package data
      **/
     private function info($pqdata) {
+        if (empty ($pqdata))
+            return $this->json_error('No result found');
         $base_query = "SELECT " . implode(',', $this->fields) .
             " FROM Packages WHERE DummyPkg=0 AND ";
-
-        if ( is_numeric($pqdata) ) {
-            // just using sprintf to coerce the pqd to an int
-            // should handle sql injection issues, since sprintf will
-            // bork if not an int, or convert the string to a number 0
-            $query_stub = "ID={$pqdata}";
-        }
-        else {
-            if(get_magic_quotes_gpc()) {
-                $pqdata = stripslashes($pqdata);
+        $pqdatas = explode (' ', $pqdata);
+        $query_stub = "( false ";
+        foreach ($pqdatas as $pqdata) {
+            if ( is_numeric($pqdata) ) {
+                // just using sprintf to coerce the pqd to an int
+                // should handle sql injection issues, since sprintf will
+                // bork if not an int, or convert the string to a number 0
+                $query_stub .= " OR ID={$pqdata}";
+            }
+            else {
+                if(get_magic_quotes_gpc()) {
+                    $pqdata = stripslashes($pqdata);
+                }
+                $query_stub .= sprintf(" OR Name=\"%s\"",
+                    mysql_real_escape_string($pqdata));
             }
-            $query_stub = sprintf("Name=\"%s\"",
-                mysql_real_escape_string($pqdata));
         }
+        $query_stub .= " )";
 
         $result = db_query($base_query.$query_stub, $this->dbh);
 
         if ( $result && (mysql_num_rows($result) > 0) ) {
-            $row = mysql_fetch_assoc($result);
-            mysql_free_result($result);
-            foreach($row as $name => $value) {
-                $converted = utf8_encode($value);
-                if ($converted != "") {
-                    $row[$name] = $converted;
-                }
-                else {
-                    $row[$name] = "[PKGBUILD error: non-UTF8 character]";
+            $info_data = array();
+            while ($row = mysql_fetch_assoc($result)) {
+                foreach($row as $name => $value) {
+                    $converted = utf8_encode($value);
+                    if ($converted != "") {
+                        $row[$name] = $converted;
+                    }
+                    else {
+                        $row[$name] = "[PKGBUILD error: non-UTF8 character]";
+                    }
                 }
+                array_push($info_data, $row);
             }
-            return $this->json_results('info', $row);
+            mysql_free_result($result);
+            return $this->json_results('info', $info_data);
         }
         else {
             return $this->json_error('No result found');
-- 
1.7.3.2