aboutsummaryrefslogtreecommitdiff
path: root/mod/members
diff options
context:
space:
mode:
authorPaweł Sroka <srokap@gmail.com>2014-01-01 13:12:10 +0100
committerPaweł Sroka <srokap@gmail.com>2014-01-01 13:12:10 +0100
commit7006294fcbfab450289403b6519edb9d5d30ff35 (patch)
tree5dd58bccbe443795fd41aaa4afeafba6ed2a96d5 /mod/members
parent82b30f63043eba9c18999bd2a15301d62ead4a76 (diff)
parentc1ea910e3b3b0bcc27a214383c9f6355a05dd495 (diff)
downloadelgg-7006294fcbfab450289403b6519edb9d5d30ff35.tar.gz
elgg-7006294fcbfab450289403b6519edb9d5d30ff35.tar.bz2
Merged in csrf_fix (pull request #7)
Added function for escaping query strings and fixed several XSRF vulnerabilities.
Diffstat (limited to 'mod/members')
-rw-r--r--mod/members/pages/members/search.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/mod/members/pages/members/search.php b/mod/members/pages/members/search.php
index 1f0444d67..5466a8246 100644
--- a/mod/members/pages/members/search.php
+++ b/mod/members/pages/members/search.php
@@ -7,7 +7,9 @@
if ($vars['search_type'] == 'tag') {
$tag = get_input('tag');
- $title = elgg_echo('members:title:searchtag', array($tag));
+ $display_query = _elgg_get_display_query($tag);
+
+ $title = elgg_echo('members:title:searchtag', array($display_query));
$options = array();
$options['query'] = $tag;
@@ -28,7 +30,9 @@ if ($vars['search_type'] == 'tag') {
} else {
$name = sanitize_string(get_input('name'));
- $title = elgg_echo('members:title:searchname', array($name));
+ $display_query = _elgg_get_display_query($name);
+
+ $title = elgg_echo('members:title:searchname', array($display_query));
$db_prefix = elgg_get_config('dbprefix');
$params = array(