From b2446258429c3458f8f2a8dbc3336b20b8f421c9 Mon Sep 17 00:00:00 2001
From: "pontus.horn" <pontus.horn@gmail.com>
Date: Wed, 6 Jul 2016 13:53:52 +0200
Subject: [PATCH] Modify the request file rather than the request URL, for
 better compatibility with other plugins

---
 40-PicoSearch.php | 38 +++++++++++++++++++++++++++++++++-----
 1 file changed, 33 insertions(+), 5 deletions(-)

diff --git a/40-PicoSearch.php b/40-PicoSearch.php
index 7360ca3..b64f5a2 100644
--- a/40-PicoSearch.php
+++ b/40-PicoSearch.php
@@ -15,10 +15,10 @@ class PicoSearch extends AbstractPicoPlugin
     private $search_terms;
 
     /**
-	 * Parses the requested URL to determine if a search has been requested. The search may be
-	 * scoped to a folder. An example URL: yourdomain.com/blog/search/foobar/page/2,
-	 * which searches the /blog folder for "foobar" and shows the second page of results using
-	 * e.g. https://github.com/rewdy/Pico-Pagination.
+     * Parses the requested URL to determine if a search has been requested. The search may be
+     * scoped to a folder. An example URL: yourdomain.com/blog/search/foobar/page/2,
+     * which searches the /blog folder for "foobar" and shows the second page of results using
+     * e.g. https://github.com/rewdy/Pico-Pagination.
      *
      * @see    Pico::getBaseUrl()
      * @see    Pico::getRequestUrl()
@@ -28,7 +28,6 @@ class PicoSearch extends AbstractPicoPlugin
     public function onRequestUrl(&$url)
     {
         if (preg_match('/^(.+\/)?search\/([^\/]+)(\/.+)?$/', $url, $matches)) {
-            $url = $matches[1] . 'search' . ($matches[3] ?: '');
             $this->search_terms = urldecode($matches[2]);
 
             if (!empty($matches[1])) {
@@ -37,6 +36,35 @@ class PicoSearch extends AbstractPicoPlugin
         }
     }
 
+    /**
+     * If accessing search results, {@link Pico::discoverRequestFile()} will have failed since
+     * the search terms are included in the URL but do not map to a file. Therefore, 
+     *
+     * @see    Pico::discoverRequestFile()
+     * @param  string &$url request URL
+     * @return void
+     */
+    public function onRequestFile(&$file)
+    {
+        if ($this->search_terms) {
+            $pico = $this->getPico();
+
+            // Aggressively strip out any ./ or ../ parts from the search area before using it
+            // as the folder to look in. Should already be taken care of previously, but just
+            // as a safeguard to make sure nothing slips through the cracks.
+            if ($this->search_area) {
+                $folder = str_replace('\\', '/', $this->search_area);
+                $folder = preg_replace('~\b../~', '', $folder);
+                $folder = preg_replace('~\b./~', '', $folder);
+            }
+
+            $temp_file = $pico->getConfig('content_dir') . ($folder ?: '') . 'search' . $pico->getConfig('content_ext');
+            if (file_exists($temp_file)) {
+                $file = $temp_file;
+            }
+        }
+    }
+
     /**
      * If accessing search results, filter the $pages array to pages matching the search terms.
      *