diff options
author | Cash Costello <cash.costello@gmail.com> | 2011-11-28 19:44:20 -0500 |
---|---|---|
committer | Cash Costello <cash.costello@gmail.com> | 2011-11-28 19:44:20 -0500 |
commit | 6ce419887e7acfa690264a4d11df2c9d66d16099 (patch) | |
tree | fda4db86fdb0b9daf20e438ba69114d1fc8442e1 | |
parent | 7a7bdc518860e00809ede27f3cb2e6a31a49b83d (diff) | |
download | elgg-6ce419887e7acfa690264a4d11df2c9d66d16099.tar.gz elgg-6ce419887e7acfa690264a4d11df2c9d66d16099.tar.bz2 |
Fixes #4139 if no mbstring extension we strip characters for display with search
-rw-r--r-- | mod/search/pages/search/index.php | 7 | ||||
-rw-r--r-- | mod/search/views/default/search/search_box.php | 7 |
2 files changed, 12 insertions, 2 deletions
diff --git a/mod/search/pages/search/index.php b/mod/search/pages/search/index.php index c4e8d2219..efa3ec037 100644 --- a/mod/search/pages/search/index.php +++ b/mod/search/pages/search/index.php @@ -19,7 +19,12 @@ $query = stripslashes(get_input('q', get_input('tag', ''))); // @todo - create function for sanitization of strings for display in 1.8 // encode <,>,&, quotes and characters above 127 -$display_query = mb_convert_encoding($query, 'HTML-ENTITIES', 'UTF-8'); +if (function_exists('mb_convert_encoding')) { + $display_query = mb_convert_encoding($query, 'HTML-ENTITIES', 'UTF-8'); +} else { + // if no mbstring extension, we just strip characters + $display_query = preg_replace("/[^\x01-\x7F]/", "", $query); +} $display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); // check that we have an actual query diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php index 9440dd1de..87d59519c 100644 --- a/mod/search/views/default/search/search_box.php +++ b/mod/search/views/default/search/search_box.php @@ -24,7 +24,12 @@ $value = stripslashes($value); // @todo - create function for sanitization of strings for display in 1.8 // encode <,>,&, quotes and characters above 127 -$display_query = mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8'); +if (function_exists('mb_convert_encoding')) { + $display_query = mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8'); +} else { + // if no mbstring extension, we just strip characters + $display_query = preg_replace("/[^\x01-\x7F]/", "", $value); +} $display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); |