diff options
author | Paweł Sroka <srokap@gmail.com> | 2014-01-01 13:12:10 +0100 |
---|---|---|
committer | Paweł Sroka <srokap@gmail.com> | 2014-01-01 13:12:10 +0100 |
commit | 7006294fcbfab450289403b6519edb9d5d30ff35 (patch) | |
tree | 5dd58bccbe443795fd41aaa4afeafba6ed2a96d5 /mod/members | |
parent | 82b30f63043eba9c18999bd2a15301d62ead4a76 (diff) | |
parent | c1ea910e3b3b0bcc27a214383c9f6355a05dd495 (diff) | |
download | elgg-7006294fcbfab450289403b6519edb9d5d30ff35.tar.gz elgg-7006294fcbfab450289403b6519edb9d5d30ff35.tar.bz2 |
Merged in csrf_fix (pull request #7)
Added function for escaping query strings and fixed several XSRF vulnerabilities.
Diffstat (limited to 'mod/members')
-rw-r--r-- | mod/members/pages/members/search.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/mod/members/pages/members/search.php b/mod/members/pages/members/search.php index 1f0444d67..5466a8246 100644 --- a/mod/members/pages/members/search.php +++ b/mod/members/pages/members/search.php @@ -7,7 +7,9 @@ if ($vars['search_type'] == 'tag') { $tag = get_input('tag'); - $title = elgg_echo('members:title:searchtag', array($tag)); + $display_query = _elgg_get_display_query($tag);
+ + $title = elgg_echo('members:title:searchtag', array($display_query)); $options = array(); $options['query'] = $tag; @@ -28,7 +30,9 @@ if ($vars['search_type'] == 'tag') { } else { $name = sanitize_string(get_input('name')); - $title = elgg_echo('members:title:searchname', array($name)); + $display_query = _elgg_get_display_query($name); + + $title = elgg_echo('members:title:searchname', array($display_query)); $db_prefix = elgg_get_config('dbprefix'); $params = array( |