authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-04-02 19:45:39 +0000
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-04-02 19:45:39 +0000
commita867d66e7701e24a57ca55841594b35bbebdc366 (patch)
tree5b22f00a7401af03f763d91d8616b421cd3fe372 /mod/search/views/default/search/search_box.php
parent0b7110504e6e7557b025ff274ca942d1562f13ee (diff)
Refs #3179 pulled fix for search query encoding into trunk from 1.7 branch
git-svn-id: http://code.elgg.org/elgg/trunk@8919 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod/search/views/default/search/search_box.php')
-rw-r--r--mod/search/views/default/search/search_box.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php
index 7561a3767..ff5910937 100644
--- a/mod/search/views/default/search/search_box.php
+++ b/mod/search/views/default/search/search_box.php
@@ -15,8 +15,15 @@ if (array_key_exists('value', $vars)) {
$value = elgg_echo('search');
}
+// @todo - why the strip slashes?
$value = stripslashes($value);
+// @todo - create function for sanitization of strings for display in 1.8
+// encode <,>,&, quotes and characters above 127
+$display_query = mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8');
+$display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);
+
+
?>
<form class="elgg-search" action="<?php echo elgg_get_site_url(); ?>search" method="get">
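Review bot: `$display_query` is assigned here, but the diffstat reports 7 insertions and 0 deletions for this file, so no existing output statement can have been switched from `$value` to the encoded variable in this commit; the form markup after `?>` is mostly outside the hunk, so confirm that every place the query is echoed (attribute values included) uses `$display_query`. Passing `false` for `double_encode` on the `htmlspecialchars()` line also means a query that already contains entity text such as `&lt;` is left as-is and is shown back to the user as `<`, so the displayed query no longer matches what was typed. Escaping first removes the need for that flag: `$display_query = mb_convert_encoding(htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), 'HTML-ENTITIES', 'UTF-8');`, assuming the entity conversion leaves ASCII untouched. The unconditional `stripslashes()` above will also drop legitimate backslashes from a query when magic quotes are off, which is worth resolving rather than leaving as a `@todo`.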