diff options
-rw-r--r-- | mod/search/pages/search/index.php | 7 | ||||
-rw-r--r-- | mod/search/views/default/search/search_box.php | 7 |
2 files changed, 12 insertions, 2 deletions
diff --git a/mod/search/pages/search/index.php b/mod/search/pages/search/index.php index c4e8d2219..efa3ec037 100644 --- a/mod/search/pages/search/index.php +++ b/mod/search/pages/search/index.php @@ -19,7 +19,12 @@ $query = stripslashes(get_input('q', get_input('tag', ''))); // @todo - create function for sanitization of strings for display in 1.8 // encode <,>,&, quotes and characters above 127 -$display_query = mb_convert_encoding($query, 'HTML-ENTITIES', 'UTF-8'); +if (function_exists('mb_convert_encoding')) { + $display_query = mb_convert_encoding($query, 'HTML-ENTITIES', 'UTF-8'); +} else { + // if no mbstring extension, we just strip characters + $display_query = preg_replace("/[^\x01-\x7F]/", "", $query); +} $display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); // check that we have an actual query diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php index 9440dd1de..87d59519c 100644 --- a/mod/search/views/default/search/search_box.php +++ b/mod/search/views/default/search/search_box.php @@ -24,7 +24,12 @@ $value = stripslashes($value); // @todo - create function for sanitization of strings for display in 1.8 // encode <,>,&, quotes and characters above 127 -$display_query = mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8'); +if (function_exists('mb_convert_encoding')) { + $display_query = mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8'); +} else { + // if no mbstring extension, we just strip characters + $display_query = preg_replace("/[^\x01-\x7F]/", "", $value); +} $display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); |