Sanitising string on tag search.

git-svn-id: http://code.elgg.org/elgg/trunk@3647 36083f99-b078-4883-b0ff-0f9b5a30f544
author: brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> 2009-11-09 21:08:45 +0000
committer: brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> 2009-11-09 21:08:45 +0000
commit: ce397b5423636181de8ca1c8997eb021e8d6e6b4 (patch)
tree: a612c6c16c9ff7c5cdfe3b53bad2c61a1eb2781a
parent: 3e795f3f87a602b8ea77759f89fe0cb791b616ae (diff)
download: elgg-ce397b5423636181de8ca1c8997eb021e8d6e6b4.tar.gz
elgg-ce397b5423636181de8ca1c8997eb021e8d6e6b4.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/mod/search/search_hooks.php b/mod/search/search_hooks.php
index 95ef3fc85..60cb1e8c4 100644
--- a/mod/search/search_hooks.php
+++ b/mod/search/search_hooks.php
@@ -164,7 +164,8 @@ function search_users_hook($hook, $type, $value, $params) {
 function search_tags_hook($hook, $type, $value, $params) {
 	global $CONFIG;
 
-	$query = $params['query'];
+	// @todo will need to split this up to support searching multiple tags at once.
+	$query = santitise_string($params['query']);
 	$params['metadata_name_value_pair'] = array ('name' => 'tags', 'value' => $query, 'case_sensitive' => FALSE);
 
 	$entities = elgg_get_entities_from_metadata($params);
author	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>	2009-11-09 21:08:45 +0000
committer	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>	2009-11-09 21:08:45 +0000
commit	ce397b5423636181de8ca1c8997eb021e8d6e6b4 (patch)
tree	a612c6c16c9ff7c5cdfe3b53bad2c61a1eb2781a
parent	3e795f3f87a602b8ea77759f89fe0cb791b616ae (diff)
download	elgg-ce397b5423636181de8ca1c8997eb021e8d6e6b4.tar.gz elgg-ce397b5423636181de8ca1c8997eb021e8d6e6b4.tar.bz2