Fixes #4139 if no mbstring extension we strip characters for display with search

2 files changed, 12 insertions, 2 deletions

diff --git a/mod/search/pages/search/index.php b/mod/search/pages/search/index.php
index c4e8d2219..efa3ec037 100644
--- a/mod/search/pages/search/index.php
+++ b/mod/search/pages/search/index.php
@@ -19,7 +19,12 @@ $query = stripslashes(get_input('q', get_input('tag', '')));
 
 // @todo - create function for sanitization of strings for display in 1.8
 // encode <,>,&, quotes and characters above 127
-$display_query = mb_convert_encoding($query, 'HTML-ENTITIES', 'UTF-8');
+if (function_exists('mb_convert_encoding')) {
+	$display_query = mb_convert_encoding($query, 'HTML-ENTITIES', 'UTF-8');
+} else {
+	// if no mbstring extension, we just strip characters
+	$display_query = preg_replace("/[^\x01-\x7F]/", "", $query);
+}
 $display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);
 
 // check that we have an actual query
diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php
index 9440dd1de..87d59519c 100644
--- a/mod/search/views/default/search/search_box.php
+++ b/mod/search/views/default/search/search_box.php
@@ -24,7 +24,12 @@ $value = stripslashes($value);
 
 // @todo - create function for sanitization of strings for display in 1.8
 // encode <,>,&, quotes and characters above 127
-$display_query = mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8');
+if (function_exists('mb_convert_encoding')) {
+	$display_query = mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8');
+} else {
+	// if no mbstring extension, we just strip characters
+	$display_query = preg_replace("/[^\x01-\x7F]/", "", $value);
+}
 $display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);