From 193f966f14f028cc4ce3ca4e5d394655198eaddf Mon Sep 17 00:00:00 2001
From: Znote <stefan_brannfjell@live.no>
Date: Fri, 27 Jan 2017 00:36:18 +0100
Subject: [PATCH] Marketplace Small fixes.

---
 market.php | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/market.php b/market.php
index 31cf00d..a8efca6 100644
--- a/market.php
+++ b/market.php
@@ -91,22 +91,27 @@ if (!$compare) {
 	if (is_string($compare)) {
 		$query = array();
 		foreach ($items as $id => $name) {
-			if (strpos(strtolower($name), strtolower($compare)) !== false) {
+			if (strpos(strtolower($name), stripslashes(strtolower($compare))) !== false) {
 				$query[] = $id;
 			}
 		}
-		$condition = "`itemtype` IN (". implode(',', $query) .")";
+		$condition = (!empty($query)) ? "`itemtype` IN (". implode(',', $query) .")" : false;
 	}
 	
 	// First list active bids
-	$offers = mysql_select_multi("SELECT `mo`.`id`, `mo`.`sale`, `mo`.`itemtype` AS `item_id`, `mo`.`amount`, `mo`.`price`, `mo`.`created`, `mo`.`anonymous`, `p`.`name` AS `player_name` FROM `market_offers` AS `mo` INNER JOIN `players` AS `p` ON `mo`.`player_id`=`p`.`id` WHERE `mo`.$condition ORDER BY `mo`.`price` ASC;");
-	$historyOffers = mysql_select_multi("SELECT `id`, `itemtype` AS `item_id`, `amount`, `price`, `inserted`, `expires_at` FROM `market_history` WHERE $condition AND `state`='255' ORDER BY `price` ASC;");
+	if ($condition === false) {
+		$offers = array();
+		$historyOffers = array();
+	} else {
+		$offers = mysql_select_multi("SELECT `mo`.`id`, `mo`.`sale`, `mo`.`itemtype` AS `item_id`, `mo`.`amount`, `mo`.`price`, `mo`.`created`, `mo`.`anonymous`, `p`.`name` AS `player_name` FROM `market_offers` AS `mo` INNER JOIN `players` AS `p` ON `mo`.`player_id`=`p`.`id` WHERE `mo`.$condition ORDER BY `mo`.`price` ASC;");
+		$historyOffers = mysql_select_multi("SELECT `id`, `itemtype` AS `item_id`, `amount`, `price`, `inserted`, `expires_at` FROM `market_history` WHERE $condition AND `state`='255' ORDER BY `price` ASC;");
+	}
 	$buylist = false;
 
 	// Markup
 	$itemname = (isset($items[$compare])) ? $items[$compare] : $compare;
 	if (!is_string($compare)) echo "<h1>Comparing item: ". $itemname ."</h1>";
-	else echo "<h1>Search: $compare</h1>";
+	else echo "<h1>Search: ". stripslashes($compare) ."</h1>";
 	?>
 	<a href="market.php"><button>Go back</button></a>
 	<h2>Active offers</h2>