diff options
| author | Sem <sembrestels@riseup.net> | 2014-01-22 04:05:47 +0100 |
|---|---|---|
| committer | Sem <sembrestels@riseup.net> | 2014-01-22 04:05:47 +0100 |
| commit | 68614b769f4ae4f28c3f395f47b68baba7c48c64 (patch) | |
| tree | 2c5a744a3859d27883f92b72aef9cf81f1a947d0 /mod/search/pages/search/index.php | |
| parent | 69e2d8c5d8732042c9319aef1fdea45a82b63e42 (diff) | |
| parent | c0295c275d6edbca6c6c8bb51dc199150d0d5fc3 (diff) | |
| download | elgg-68614b769f4ae4f28c3f395f47b68baba7c48c64.tar.gz elgg-68614b769f4ae4f28c3f395f47b68baba7c48c64.tar.bz2 | |
Merge branch 'release/1.8.1'
Diffstat (limited to 'mod/search/pages/search/index.php')
| -rw-r--r-- | mod/search/pages/search/index.php | 12 |
1 files changed, 2 insertions, 10 deletions
diff --git a/mod/search/pages/search/index.php b/mod/search/pages/search/index.php index fcd95c43e..9542e0751 100644 --- a/mod/search/pages/search/index.php +++ b/mod/search/pages/search/index.php @@ -17,15 +17,7 @@ $search_type = get_input('search_type', 'all'); // XSS protection is more important that searching for HTML. $query = stripslashes(get_input('q', get_input('tag', ''))); -// @todo - create function for sanitization of strings for display in 1.8 -// encode <,>,&, quotes and characters above 127 -if (function_exists('mb_convert_encoding')) { - $display_query = mb_convert_encoding($query, 'HTML-ENTITIES', 'UTF-8'); -} else { - // if no mbstring extension, we just strip characters - $display_query = preg_replace("/[^\x01-\x7F]/", "", $query); -} -$display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); +$display_query = _elgg_get_display_query($query); // check that we have an actual query if (!$query) { @@ -63,7 +55,7 @@ switch ($sort) { break; } -$order = get_input('sort', 'desc'); +$order = get_input('order', 'desc'); if ($order != 'asc' && $order != 'desc') { $order = 'desc'; } |