diff options
| -rw-r--r-- | search/groups.php | 2 | ||||
| -rw-r--r-- | search/index.php | 10 | ||||
| -rw-r--r-- | search/users.php | 4 |
3 files changed, 8 insertions, 8 deletions
diff --git a/search/groups.php b/search/groups.php index a925dfea2..d3e6f7686 100644 --- a/search/groups.php +++ b/search/groups.php @@ -19,7 +19,7 @@ set_context('search');
// Get input
- $tag = get_input('tag');
+ $tag = stripslashes(get_input('tag'));
if (!empty($tag)) {
$title = sprintf(elgg_echo('groups:searchtitle'),$tag);
diff --git a/search/index.php b/search/index.php index 8cadcdcf6..038d494fb 100644 --- a/search/index.php +++ b/search/index.php @@ -19,15 +19,15 @@ set_context('search');
// Get input
- $tag = get_input('tag');
- $subtype = get_input('subtype');
- if (!$objecttype = get_input('object')) {
+ $tag = stripslashes(get_input('tag'));
+ $subtype = stripslashes(get_input('subtype'));
+ if (!$objecttype = stripslashes(get_input('object'))) {
$objecttype = "";
}
- if (!$md_type = get_input('tagtype')) {
+ if (!$md_type = stripslashes(get_input('tagtype'))) {
$md_type = "";
}
- $owner_guid = get_input('owner_guid',0);
+ $owner_guid = (int)get_input('owner_guid',0);
if (substr_count($owner_guid,',')) {
$owner_guid_array = explode(",",$owner_guid);
} else {
diff --git a/search/users.php b/search/users.php index 89f679618..e07feddbb 100644 --- a/search/users.php +++ b/search/users.php @@ -13,13 +13,13 @@ */
// Load Elgg engine
- require_once(dirname(dirname(__FILE__)) . "/engine/start.php");
+ require_once(dirname(dirname(__FILE__)) . "/engine/start.php"); // Set context
set_context('search');
// Get input
- $tag = get_input('tag');
+ $tag = stripslashes(get_input('tag'));
if (!empty($tag)) {
$title = sprintf(elgg_echo('users:searchtitle'),$tag);
|