authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-11-09 21:08:45 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-11-09 21:08:45 +0000
commitce397b5423636181de8ca1c8997eb021e8d6e6b4 (patch)
treea612c6c16c9ff7c5cdfe3b53bad2c61a1eb2781a /mod/search
parent3e795f3f87a602b8ea77759f89fe0cb791b616ae (diff)
Sanitising string on tag search.
git-svn-id: http://code.elgg.org/elgg/trunk@3647 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod/search')
-rw-r--r--mod/search/search_hooks.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/mod/search/search_hooks.php b/mod/search/search_hooks.php
index 95ef3fc85..60cb1e8c4 100644
--- a/mod/search/search_hooks.php
+++ b/mod/search/search_hooks.php
@@ -164,7 +164,8 @@ function search_users_hook($hook, $type, $value, $params) {
function search_tags_hook($hook, $type, $value, $params) {
global $CONFIG;
- $query = $params['query'];
+ // @todo will need to split this up to support searching multiple tags at once.
+ $query = santitise_string($params['query']);
$params['metadata_name_value_pair'] = array ('name' => 'tags', 'value' => $query, 'case_sensitive' => FALSE);
$entities = elgg_get_entities_from_metadata($params);
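Review bot: The added assignment calls `santitise_string(...)`, which looks like a misspelling of Elgg's `sanitise_string()`; unless a function with that exact spelling is defined elsewhere, PHP raises a fatal "Call to undefined function" error whenever the tag search hook runs, so the search breaks instead of being hardened. The line should read `$query = sanitise_string($params['query']);`. Separately, `$query` is passed on as the metadata value to `elgg_get_entities_from_metadata()`; if that API already escapes values for SQL (not visible here), escaping first may double-escape quotes and make tags containing them unmatchable. SQL escaping also does not make the string safe for HTML, so any later display of the query still needs output encoding. The body of `search_tags_hook` continues outside the hunk.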