Code Coverage for /Users/ericduran/Sites/drupal/drupal/core/modules/search/src/SearchQuery.php

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 9	CRAP	0.00% covered (danger)	0.00%	0 / 222
SearchQuery	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 9	3306	0.00% covered (danger)	0.00%	0 / 222
searchExpression				0.00% covered (danger)	0.00%	0 / 1	2	0.00% covered (danger)	0.00%	0 / 7
parseSearchExpression				0.00% covered (danger)	0.00%	0 / 1	650	0.00% covered (danger)	0.00%	0 / 89
parseWord				0.00% covered (danger)	0.00%	0 / 1	30	0.00% covered (danger)	0.00%	0 / 15
prepareAndNormalize				0.00% covered (danger)	0.00%	0 / 1	72	0.00% covered (danger)	0.00%	0 / 41
preExecute				0.00% covered (danger)	0.00%	0 / 1	12	0.00% covered (danger)	0.00%	0 / 8
addScore				0.00% covered (danger)	0.00%	0 / 1	12	0.00% covered (danger)	0.00%	0 / 15
execute				0.00% covered (danger)	0.00%	0 / 1	72	0.00% covered (danger)	0.00%	0 / 29
countQuery				0.00% covered (danger)	0.00%	0 / 1	12	0.00% covered (danger)	0.00%	0 / 16
getStatus				0.00% covered (danger)	0.00%	0 / 1	2	0.00% covered (danger)	0.00%	0 / 2

1	<?php
2
3	/**
4	* @file
5	* Contains \Drupal\search\SearchQuery.
6	*
7	* Search query extender and helper functions.
8	*/
9
10	namespace Drupal\search;
11
12	use Drupal\Component\Utility\Unicode;
13	use Drupal\Core\Database\Query\SelectExtender;
14	use Drupal\Core\Database\Query\SelectInterface;
15
16	/**
17	* Performs a query on the full-text search index for a word or words.
18	*
19	* This query is used by search plugins that use the search index (not all
20	* search plugins do, as some use a different searching mechanism). It
21	* assumes you have set up a query on the {search_index} table with alias 'i',
22	* and will only work if the user is searching for at least one "positive"
23	* keyword or phrase.
24	*
25	* For efficiency, users of this query can run the prepareAndNormalize()
26	* method to figure out if there are any search results, before fully setting
27	* up and calling execute() to execute the query. The scoring expressions are
28	* not needed until the execute() step. However, it's not really necessary
29	* to do this, because this class's execute() method does that anyway.
30	*
31	* During both the prepareAndNormalize() and execute() steps, there can be
32	* problems. Call getStatus() to figure out if the query is OK or not.
33	*
34	* The query object is given the tag 'search_$type' and can be further
35	* extended with hook_query_alter().
36	*/
37	class SearchQuery extends SelectExtender {
38
39	/**
40	* Indicates no positive keywords were in the search expression.
41	*
42	* Positive keywords are words that are searched for, as opposed to negative
43	* keywords, which are words that are excluded. To count as a keyword, a
44	* word must be at least
45	* \Drupal::config('search.settings')->get('index.minimum_word_size')
46	* characters.
47	*
48	* @see SearchQuery::getStatus()
49	*/
50	const NO_POSITIVE_KEYWORDS = 1;
51
52	/**
53	* Indicates that part of the search expression was ignored.
54	*
55	* To prevent Denial of Service attacks, only
56	* \Drupal::config('search.settings')->get('and_or_limit') expressions
57	* (positive keywords, phrases, negative keywords) are allowed; this flag
58	* indicates that expressions existed past that limit and they were removed.
59	*
60	* @see SearchQuery::getStatus()
61	*/
62	const EXPRESSIONS_IGNORED = 2;
63
64	/**
65	* Indicates that lower-case "or" was in the search expression.
66	*
67	* The word "or" in lower case was found in the search expression. This
68	* probably means someone was trying to do an OR search but used lower-case
69	* instead of upper-case.
70	*
71	* @see SearchQuery::getStatus()
72	*/
73	const LOWER_CASE_OR = 4;
74
75	/**
76	* Indicates that no positive keyword matches were found.
77	*
78	* @see SearchQuery::getStatus()
79	*/
80	const NO_KEYWORD_MATCHES = 8;
81
82	/**
83	* The keywords and advanced search options that are entered by the user.
84	*
85	* @var string
86	*/
87	protected $searchExpression;
88
89	/**
90	* The type of search (search type).
91	*
92	* This maps to the value of the type column in search_index, and is usually
93	* equal to the machine-readable name of the plugin or the search page.
94	*
95	* @var string
96	*/
97	protected $type;
98
99	/**
100	* Parsed-out positive and negative search keys.
101	*
102	* @var array
103	*/
104	protected $keys = array('positive' => array(), 'negative' => array());
105
106	/**
107	* Indicates whether the query conditions are simple or complex (LIKE).
108	*
109	* @var bool
110	*/
111	protected $simple = TRUE;
112
113	/**
114	* Conditions that are used for exact searches.
115	*
116	* This is always used for the second step in the query, but is not part of
117	* the preparation step unless $this->simple is FALSE.
118	*
119	* @var DatabaseCondition
120	*/
121	protected $conditions;
122
123	/**
124	* Indicates how many matches for a search query are necessary.
125	*
126	* @var int
127	*/
128	protected $matches = 0;
129
130	/**
131	* Array of positive search words.
132	*
133	* These words have to match against {search_index}.word.
134	*
135	* @var array
136	*/
137	protected $words = array();
138
139	/**
140	* Multiplier to normalize the keyword score.
141	*
142	* This value is calculated by the preparation step, and is used as a
143	* multiplier of the word scores to make sure they are between 0 and 1.
144	*
145	* @var float
146	*/
147	protected $normalize = 0;
148
149	/**
150	* Indicates whether the preparation step has been executed.
151	*
152	* @var bool
153	*/
154	protected $executedPrepare = FALSE;
155
156	/**
157	* A bitmap of status conditions, described in getStatus().
158	*
159	* @var int
160	*
161	* @see SearchQuery::getStatus()
162	*/
163	protected $status = 0;
164
165	/**
166	* The word score expressions.
167	*
168	* @var array
169	*
170	* @see SearchQuery::addScore()
171	*/
172	protected $scores = array();
173
174	/**
175	* Arguments for the score expressions.
176	*
177	* @var array
178	*/
179	protected $scoresArguments = array();
180
181	/**
182	* The number of 'i.relevance' occurrences in score expressions.
183	*
184	* @var int
185	*/
186	protected $relevance_count = 0;
187
188	/**
189	* Multipliers for score expressions.
190	*
191	* @var array
192	*/
193	protected $multiply = array();
194
195	/**
196	* Sets the search query expression.
197	*
198	* @param string $expression
199	* A search string, which can contain keywords and options.
200	* @param string $type
201	* The search type. This maps to {search_index}.type in the database.
202	*
203	* @return $this
204	*/
205	public function searchExpression($expression, $type) {
206	$this->searchExpression = $expression;
207	$this->type = $type;
208
209	// Add query tag.
210	$this->addTag('search_' . $type);
211
212	// Initialize conditions and status.
213	$this->conditions = db_and();
214	$this->status = 0;
215
216	return $this;
217	}
218
219	/**
220	* Parses the search query into SQL conditions.
221	*
222	* Sets up the following variables:
223	* - $this->keys
224	* - $this->words
225	* - $this->conditions
226	* - $this->simple
227	* - $this->matches
228	*/
229	protected function parseSearchExpression() {
230	// Matches words optionally prefixed by a - sign. A word in this case is
231	// something between two spaces, optionally quoted.
232	preg_match_all('/ (-?)("[^"]+"\|[^" ]+)/i', ' ' . $this->searchExpression , $keywords, PREG_SET_ORDER);
233
234	if (count($keywords) == 0) {
235	return;
236	}
237
238	// Classify tokens.
239	$in_or = FALSE;
240	$limit_combinations = \Drupal::config('search.settings')->get('and_or_limit');
241	// The first search expression does not count as AND.
242	$and_count = -1;
243	$or_count = 0;
244	foreach ($keywords as $match) {
245	if ($or_count && $and_count + $or_count >= $limit_combinations) {
246	// Ignore all further search expressions to prevent Denial-of-Service
247	// attacks using a high number of AND/OR combinations.
248	$this->status \|= SearchQuery::EXPRESSIONS_IGNORED;
249	break;
250	}
251
252	// Strip off phrase quotes.
253	$phrase = FALSE;
254	if ($match[2]{0} == '"') {
255	$match[2] = substr($match[2], 1, -1);
256	$phrase = TRUE;
257	$this->simple = FALSE;
258	}
259
260	// Simplify keyword according to indexing rules and external
261	// preprocessors. Use same process as during search indexing, so it
262	// will match search index.
263	$words = search_simplify($match[2]);
264	// Re-explode in case simplification added more words, except when
265	// matching a phrase.
266	$words = $phrase ? array($words) : preg_split('/ /', $words, -1, PREG_SPLIT_NO_EMPTY);
267	// Negative matches.
268	if ($match[1] == '-') {
269	$this->keys['negative'] = array_merge($this->keys['negative'], $words);
270	}
271	// OR operator: instead of a single keyword, we store an array of all
272	// OR'd keywords.
273	elseif ($match[2] == 'OR' && count($this->keys['positive'])) {
274	$last = array_pop($this->keys['positive']);
275	// Starting a new OR?
276	if (!is_array($last)) {
277	$last = array($last);
278	}
279	$this->keys['positive'][] = $last;
280	$in_or = TRUE;
281	$or_count++;
282	continue;
283	}
284	// AND operator: implied, so just ignore it.
285	elseif ($match[2] == 'AND' \|\| $match[2] == 'and') {
286	continue;
287	}
288
289	// Plain keyword.
290	else {
291	if ($match[2] == 'or') {
292	// Lower-case "or" instead of "OR" is a warning condition.
293	$this->status \|= SearchQuery::LOWER_CASE_OR;
294	}
295	if ($in_or) {
296	// Add to last element (which is an array).
297	$this->keys['positive'][count($this->keys['positive']) - 1] = array_merge($this->keys['positive'][count($this->keys['positive']) - 1], $words);
298	}
299	else {
300	$this->keys['positive'] = array_merge($this->keys['positive'], $words);
301	$and_count++;
302	}
303	}
304	$in_or = FALSE;
305	}
306
307	// Convert keywords into SQL statements.
308	$has_and = FALSE;
309	$has_or = FALSE;
310	// Positive matches.
311	foreach ($this->keys['positive'] as $key) {
312	// Group of ORed terms.
313	if (is_array($key) && count($key)) {
314	// If we had already found one OR, this is another one AND-ed with the
315	// first, meaning it is not a simple query.
316	if ($has_or) {
317	$this->simple = FALSE;
318	}
319	$has_or = TRUE;
320	$has_new_scores = FALSE;
321	$queryor = db_or();
322	foreach ($key as $or) {
323	list($num_new_scores) = $this->parseWord($or);
324	$has_new_scores \|= $num_new_scores;
325	$queryor->condition('d.data', "% $or %", 'LIKE');
326	}
327	if (count($queryor)) {
328	$this->conditions->condition($queryor);
329	// A group of OR keywords only needs to match once.
330	$this->matches += ($has_new_scores > 0);
331	}
332	}
333	// Single ANDed term.
334	else {
335	$has_and = TRUE;
336	list($num_new_scores, $num_valid_words) = $this->parseWord($key);
337	$this->conditions->condition('d.data', "% $key %", 'LIKE');
338	if (!$num_valid_words) {
339	$this->simple = FALSE;
340	}
341	// Each AND keyword needs to match at least once.
342	$this->matches += $num_new_scores;
343	}
344	}
345	if ($has_and && $has_or) {
346	$this->simple = FALSE;
347	}
348
349	// Negative matches.
350	foreach ($this->keys['negative'] as $key) {
351	$this->conditions->condition('d.data', "% $key %", 'NOT LIKE');
352	$this->simple = FALSE;
353	}
354	}
355
356	/**
357	* Parses a word or phrase for parseQuery().
358	*
359	* Splits a phrase into words. Adds its words to $this->words, if it is not
360	* already there. Returns a list containing the number of new words found,
361	* and the total number of words in the phrase.
362	*/
363	protected function parseWord($word) {
364	$num_new_scores = 0;
365	$num_valid_words = 0;
366
367	// Determine the scorewords of this word/phrase.
368	$split = explode(' ', $word);
369	foreach ($split as $s) {
370	$num = is_numeric($s);
371	if ($num \|\| Unicode::strlen($s) >= \Drupal::config('search.settings')->get('index.minimum_word_size')) {
372	if (!isset($this->words[$s])) {
373	$this->words[$s] = $s;
374	$num_new_scores++;
375	}
376	$num_valid_words++;
377	}
378	}
379
380	// Return matching snippet and number of added words.
381	return array($num_new_scores, $num_valid_words);
382	}
383
384	/**
385	* Prepares the query and calculates the normalization factor.
386	*
387	* After the query is normalized the keywords are weighted to give the results
388	* a relevancy score. The query is ready for execution after this.
389	*
390	* Error and warning conditions can apply. Call getStatus() after calling
391	* this method to retrieve them.
392	*
393	* @return bool
394	* TRUE if at least one keyword matched the search index; FALSE if not.
395	*/
396	public function prepareAndNormalize() {
397	$this->parseSearchExpression();
398	$this->executedPrepare = TRUE;
399
400	if (count($this->words) == 0) {
401	// Although the query could proceed, there is no point in joining
402	// with other tables and attempting to normalize if there are no
403	// keywords present.
404	$this->status \|= SearchQuery::NO_POSITIVE_KEYWORDS;
405	return FALSE;
406	}
407
408	// Build the basic search query: match the entered keywords.
409	$or = db_or();
410	foreach ($this->words as $word) {
411	$or->condition('i.word', $word);
412	}
413	$this->condition($or);
414
415	// Add keyword normalization information to the query.
416	$this->join('search_total', 't', 'i.word = t.word');
417	$this
418	->condition('i.type', $this->type)
419	->groupBy('i.type')
420	->groupBy('i.sid');
421
422	// If the query is simple, we should have calculated the number of
423	// matching words we need to find, so impose that criterion. For non-
424	// simple queries, this condition could lead to incorrectly deciding not
425	// to continue with the full query.
426	if ($this->simple) {
427	$this->having('COUNT(*) >= :matches', array(':matches' => $this->matches));
428	}
429
430	// Clone the query object to calculate normalization.
431	$normalize_query = clone $this->query;
432
433	// For complex search queries, add the LIKE conditions; if the query is
434	// simple, we do not need them for normalization.
435	if (!$this->simple) {
436	$normalize_query->join('search_dataset', 'd', 'i.sid = d.sid AND i.type = d.type AND i.langcode = d.langcode');
437	if (count($this->conditions)) {
438	$normalize_query->condition($this->conditions);
439	}
440	}
441
442	// Calculate normalization, which is the max of all the search scores for
443	// positive keywords in the query. And note that the query could have other
444	// fields added to it by the user of this extension.
445	$normalize_query->addExpression('SUM(i.score * t.count)', 'calculated_score');
446	$result = $normalize_query
447	->range(0, 1)
448	->orderBy('calculated_score', 'DESC')
449	->execute()
450	->fetchObject();
451	if (isset($result->calculated_score)) {
452	$this->normalize = (float) $result->calculated_score;
453	}
454
455	if ($this->normalize) {
456	return TRUE;
457	}
458
459	// If the normalization value was zero, that indicates there were no
460	// matches to the supplied positive keywords.
461	$this->status \|= SearchQuery::NO_KEYWORD_MATCHES;
462	return FALSE;
463	}
464
465	/**
466	* {@inheritdoc}
467	*/
468	public function preExecute(SelectInterface $query = NULL) {
469	if (!$this->executedPrepare) {
470	$this->prepareAndNormalize();
471	}
472
473	if (!$this->normalize) {
474	return FALSE;
475	}
476
477	return parent::preExecute($query);
478	}
479
480	/**
481	* Adds a custom score expression to the search query.
482	*
483	* Score expressions are used to order search results. If no calls to
484	* addScore() have taken place, a default keyword relevance score will be
485	* used. However, if at least one call to addScore() has taken place, the
486	* keyword relevance score is not automatically added.
487	*
488	* Note that you must use this method to add ordering to your searches, and
489	* not call orderBy() directly, when using the SearchQuery extender. This is
490	* because of the two-pass system the SearchQuery class uses to normalize
491	* scores.
492	*
493	* @param string $score
494	* The score expression, which should evaluate to a number between 0 and 1.
495	* The string 'i.relevance' in a score expression will be replaced by a
496	* measure of keyword relevance between 0 and 1.
497	* @param array $arguments
498	* Query arguments needed to provide values to the score expression.
499	* @param float $multiply
500	* If set, the score is multiplied with this value. However, all scores
501	* with multipliers are then divided by the total of all multipliers, so
502	* that overall, the normalization is maintained.
503	*
504	* @return $this
505	*/
506	public function addScore($score, $arguments = array(), $multiply = FALSE) {
507	if ($multiply) {
508	$i = count($this->multiply);
509	// Modify the score expression so it is multiplied by the multiplier,
510	// with a divisor to renormalize. Note that the ROUND here is necessary
511	// for PostgreSQL and SQLite in order to ensure that the :multiply_* and
512	// :total_* arguments are treated as a numeric type, because the
513	// PostgreSQL PDO driver sometimes puts values in as strings instead of
514	// numbers in complex expressions like this.
515	$score = "(ROUND(:multiply_$i, 4)) * COALESCE(($score), 0) / (ROUND(:total_$i, 4))";
516	// Add an argument for the multiplier. The :total_$i argument is taken
517	// care of in the execute() method, which is when the total divisor is
518	// calculated.
519	$arguments[':multiply_' . $i] = $multiply;
520	$this->multiply[] = $multiply;
521	}
522
523	// Search scoring needs a way to include a keyword relevance in the score.
524	// For historical reasons, this is done by putting 'i.relevance' into the
525	// search expression. So, use string replacement to change this to a
526	// calculated query expression, counting the number of occurrences so
527	// in the execute() method we can add arguments.
528	while (($pos = strpos($score, 'i.relevance')) !== FALSE) {
529	$pieces = explode('i.relevance', $score, 2);
530	$score = implode('((ROUND(:normalization_' . $this->relevance_count . ', 4)) * i.score * t.count)', $pieces);
531	$this->relevance_count++;
532	}
533
534	$this->scores[] = $score;
535	$this->scoresArguments += $arguments;
536
537	return $this;
538	}
539
540	/**
541	* Executes the search.
542	*
543	* The complex conditions are applied to the query including score
544	* expressions and ordering.
545	*
546	* Error and warning conditions can apply. Call getStatus() after calling
547	* this method to retrieve them.
548	*
549	* @return \Drupal\Core\Database\StatementInterface\|null
550	* A query result set containing the results of the query.
551	*/
552	public function execute() {
553	if (!$this->preExecute($this)) {
554	return NULL;
555	}
556
557	// Add conditions to the query.
558	$this->join('search_dataset', 'd', 'i.sid = d.sid AND i.type = d.type AND i.langcode = d.langcode');
559	if (count($this->conditions)) {
560	$this->condition($this->conditions);
561	}
562
563	// Add default score (keyword relevance) if there are not any defined.
564	if (empty($this->scores)) {
565	$this->addScore('i.relevance');
566	}
567
568	if (count($this->multiply)) {
569	// Re-normalize scores with multipliers by dividing by the total of all
570	// multipliers. The expressions were altered in addScore(), so here just
571	// add the arguments for the total.
572	$sum = array_sum($this->multiply);
573	for ($i = 0; $i < count($this->multiply); $i++) {
574	$this->scoresArguments[':total_' . $i] = $sum;
575	}
576	}
577
578
579	// Add arguments for the keyword relevance normalization number.
580	$normalization = 1.0 / $this->normalize;
581	for ($i = 0; $i < $this->relevance_count; $i++ ) {
582	$this->scoresArguments[':normalization_' . $i] = $normalization;
583	}
584
585	// Add all scores together to form a query field.
586	$this->addExpression('SUM(' . implode(' + ', $this->scores) . ')', 'calculated_score', $this->scoresArguments);
587
588	// If an order has not yet been set for this query, add a default order
589	// that sorts by the calculated sum of scores.
590	if (count($this->getOrderBy()) == 0) {
591	$this->orderBy('calculated_score', 'DESC');
592	}
593
594	// Add query metadata.
595	$this
596	->addMetaData('normalize', $this->normalize)
597	->fields('i', array('type', 'sid'));
598	return $this->query->execute();
599	}
600
601	/**
602	* Builds the default count query for SearchQuery.
603	*
604	* Since SearchQuery always uses GROUP BY, we can default to a subquery. We
605	* also add the same conditions as execute() because countQuery() is called
606	* first.
607	*/
608	public function countQuery() {
609	if (!$this->executedPrepare) {
610	$this->prepareAndNormalize();
611	}
612
613	// Clone the inner query.
614	$inner = clone $this->query;
615
616	// Add conditions to query.
617	$inner->join('search_dataset', 'd', 'i.sid = d.sid AND i.type = d.type');
618	if (count($this->conditions)) {
619	$inner->condition($this->conditions);
620	}
621
622	// Remove existing fields and expressions, they are not needed for a count
623	// query.
624	$fields =& $inner->getFields();
625	$fields = array();
626	$expressions =& $inner->getExpressions();
627	$expressions = array();
628
629	// Add sid as the only field and count them as a subquery.
630	$count = db_select($inner->fields('i', array('sid')), NULL, array('target' => 'replica'));
631
632	// Add the COUNT() expression.
633	$count->addExpression('COUNT(*)');
634
635	return $count;
636	}
637
638	/**
639	* Returns the query status bitmap.
640	*
641	* @return int
642	* A bitmap indicating query status. Zero indicates there were no problems.
643	* A non-zero value is a combination of one or more of the following flags:
644	* - SearchQuery::NO_POSITIVE_KEYWORDS
645	* - SearchQuery::EXPRESSIONS_IGNORED
646	* - SearchQuery::LOWER_CASE_OR
647	* - SearchQuery::NO_KEYWORD_MATCHES
648	*/
649	public function getStatus() {
650	return $this->status;
651	}
652
653	}