aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCash Costello <cash.costello@gmail.com>2011-11-28 19:44:20 -0500
committerCash Costello <cash.costello@gmail.com>2011-11-28 19:44:20 -0500
commit6ce419887e7acfa690264a4d11df2c9d66d16099 (patch)
treefda4db86fdb0b9daf20e438ba69114d1fc8442e1
parent7a7bdc518860e00809ede27f3cb2e6a31a49b83d (diff)
downloadelgg-6ce419887e7acfa690264a4d11df2c9d66d16099.tar.gz
elgg-6ce419887e7acfa690264a4d11df2c9d66d16099.tar.bz2
Fixes #4139 if no mbstring extension we strip characters for display with search
-rw-r--r--mod/search/pages/search/index.php7
-rw-r--r--mod/search/views/default/search/search_box.php7
2 files changed, 12 insertions, 2 deletions
diff --git a/mod/search/pages/search/index.php b/mod/search/pages/search/index.php
index c4e8d2219..efa3ec037 100644
--- a/mod/search/pages/search/index.php
+++ b/mod/search/pages/search/index.php
@@ -19,7 +19,12 @@ $query = stripslashes(get_input('q', get_input('tag', '')));
// @todo - create function for sanitization of strings for display in 1.8
// encode <,>,&, quotes and characters above 127
-$display_query = mb_convert_encoding($query, 'HTML-ENTITIES', 'UTF-8');
+if (function_exists('mb_convert_encoding')) {
+ $display_query = mb_convert_encoding($query, 'HTML-ENTITIES', 'UTF-8');
+} else {
+ // if no mbstring extension, we just strip characters
+ $display_query = preg_replace("/[^\x01-\x7F]/", "", $query);
+}
$display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);
// check that we have an actual query
diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php
index 9440dd1de..87d59519c 100644
--- a/mod/search/views/default/search/search_box.php
+++ b/mod/search/views/default/search/search_box.php
@@ -24,7 +24,12 @@ $value = stripslashes($value);
// @todo - create function for sanitization of strings for display in 1.8
// encode <,>,&, quotes and characters above 127
-$display_query = mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8');
+if (function_exists('mb_convert_encoding')) {
+ $display_query = mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8');
+} else {
+ // if no mbstring extension, we just strip characters
+ $display_query = preg_replace("/[^\x01-\x7F]/", "", $value);
+}
$display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);