authorBrett Profitt <brett.profitt@gmail.com>2011-09-04 17:43:56 -0700
committerBrett Profitt <brett.profitt@gmail.com>2011-09-04 17:43:56 -0700
commit9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7 (patch)
treee7623e9e6aff2b0f232af19e0ac8e922dd893cfa /mod
parent61af80fd0905caa6b04c9a203f327da7b569c7cf (diff)
downloadelgg-9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7.tar.gz
elgg-9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7.tar.bz2
Refs #3661. Merged XSS fixes in search to master.
Diffstat (limited to 'mod')
-rw-r--r--mod/search/search_hooks.php6
1 files changed, 5 insertions, 1 deletions
diff --git a/mod/search/search_hooks.php b/mod/search/search_hooks.php
index 428d6f700..b302272fb 100644
--- a/mod/search/search_hooks.php
+++ b/mod/search/search_hooks.php
@@ -202,6 +202,10 @@ function search_tags_hook($hook, $type, $value, $params) {
$search_tag_names = $valid_tag_names;
}
+ if (!$search_tag_names) {
+ return array('entities' => array(), 'count' => $count);
+ }
+
// don't use elgg_get_entities_from_metadata() here because of
// performance issues. since we don't care what matches at this point
// use an IN clause to grab everything that matches at once and sort
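Review bot: The early return added after the tag-name filtering reports `'count' => $count`, but nothing in the visible lines assigns `$count`, and the hunk begins inside search_tags_hook, so the earlier part of the body is not shown. If `$count` is not set before this point, the hook returns a null count and raises an undefined-variable notice; `return array('entities' => array(), 'count' => 0);` states the empty result explicitly. The guard would also read better with a short comment such as `// no valid tag names remain after filtering, so there is nothing to search`.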
@@ -337,7 +341,7 @@ function search_comments_hook($hook, $type, $value, $params) {
$container_and = '';
if ($params['container_guid'] && $params['container_guid'] !== ELGG_ENTITIES_ANY_VALUE) {
- $container_and = 'AND e.container_guid = ' . sanitise_string($params['container_guid']);
+ $container_and = 'AND e.container_guid = ' . sanitise_int($params['container_guid']);
}
$e_access = get_access_sql_suffix('e');
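Review bot: The `sanitise_int()` line needs a comment saying why the integer cast matters: `container_guid` is concatenated into the WHERE clause without quotes, and string escaping alone does not constrain an unquoted value. Something like `// unquoted numeric context: cast to int, escaping alone is not enough` would keep a later edit from reverting it. It is also worth confirming how `sanitise_int()` treats a non-numeric value; if it yields 0, the query silently filters on container 0 instead of rejecting the input. search_comments_hook starts and ends outside this hunk, so the other values interpolated into the query are not visible here.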