authorPaweł Sroka <srokap@gmail.com>2013-09-12 05:59:18 +0200
committerPaweł Sroka <srokap@gmail.com>2013-09-12 05:59:18 +0200
commitc1ea910e3b3b0bcc27a214383c9f6355a05dd495 (patch)
tree3c22e2c1015e775c3993329f16e9296dc2b57c1a /mod/members/pages
parent96fd62420124d8b22e9a368532240a5c5066d628 (diff)
Added function for escaping query strings and fixed several XSRF vulnerabilities.
Diffstat (limited to 'mod/members/pages')
-rw-r--r--mod/members/pages/members/search.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/mod/members/pages/members/search.php b/mod/members/pages/members/search.php
index 1f0444d67..5466a8246 100644
--- a/mod/members/pages/members/search.php
+++ b/mod/members/pages/members/search.php
@@ -7,7 +7,9 @@
if ($vars['search_type'] == 'tag') {
$tag = get_input('tag');
- $title = elgg_echo('members:title:searchtag', array($tag));
+ $display_query = _elgg_get_display_query($tag);
+
+ $title = elgg_echo('members:title:searchtag', array($display_query));
$options = array();
$options['query'] = $tag;
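Review bot: The raw `$tag` stays in scope next to `$display_query` with nothing marking which of the two is safe to print, and only the title line was switched over; any later output of `$tag` or `$options['query']` in this script, outside the hunk, would still bypass the new escaping. Add a comment above the new assignment, for example `// $tag is raw request input: pass it to the search options only, print $display_query`. The commit message calls this an XSRF fix, but what is visible here is output encoding of a reflected search term, so the comment should name the HTML output context. `_elgg_get_display_query()` is defined outside this hunk, so what it actually encodes cannot be confirmed from here.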
@@ -28,7 +30,9 @@ if ($vars['search_type'] == 'tag') {
} else {
$name = sanitize_string(get_input('name'));
- $title = elgg_echo('members:title:searchname', array($name));
+ $display_query = _elgg_get_display_query($name);
+
+ $title = elgg_echo('members:title:searchname', array($display_query));
$db_prefix = elgg_get_config('dbprefix');
$params = array(
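Review bot: `$display_query` is built from `$name` after `sanitize_string()` has already run on the line above, so the title shows the database-escaped form (a name containing an apostrophe would presumably render with a backslash) and two unrelated encodings get stacked on one value. Derive the display string from the raw input and keep the escaped copy for the query only: `$display_query = _elgg_get_display_query(get_input('name'));`. This assumes `sanitize_string()` is an SQL-escaping helper, which its use ahead of the `$db_prefix` query setup suggests but the hunk does not show. The else branch continues past the last visible line, so how `$name` reaches the query cannot be checked here.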