aboutsummaryrefslogtreecommitdiff
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/groups/lib/groups.php3
-rw-r--r--mod/members/pages/members/search.php8
-rw-r--r--mod/search/pages/search/index.php10
3 files changed, 9 insertions, 12 deletions
diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php
index f07ab5dc6..d5bec1862 100644
--- a/mod/groups/lib/groups.php
+++ b/mod/groups/lib/groups.php
@@ -73,7 +73,8 @@ function groups_search_page() {
elgg_push_breadcrumb(elgg_echo('search'));
$tag = get_input("tag");
- $title = elgg_echo('groups:search:title', array($tag));
+ $display_query = _elgg_get_display_query($tag);
+ $title = elgg_echo('groups:search:title', array($display_query));
// groups plugin saves tags as "interests" - see groups_fields_setup() in start.php
$params = array(
diff --git a/mod/members/pages/members/search.php b/mod/members/pages/members/search.php
index 1f0444d67..5466a8246 100644
--- a/mod/members/pages/members/search.php
+++ b/mod/members/pages/members/search.php
@@ -7,7 +7,9 @@
if ($vars['search_type'] == 'tag') {
$tag = get_input('tag');
- $title = elgg_echo('members:title:searchtag', array($tag));
+ $display_query = _elgg_get_display_query($tag);
+
+ $title = elgg_echo('members:title:searchtag', array($display_query));
$options = array();
$options['query'] = $tag;
@@ -28,7 +30,9 @@ if ($vars['search_type'] == 'tag') {
} else {
$name = sanitize_string(get_input('name'));
- $title = elgg_echo('members:title:searchname', array($name));
+ $display_query = _elgg_get_display_query($name);
+
+ $title = elgg_echo('members:title:searchname', array($display_query));
$db_prefix = elgg_get_config('dbprefix');
$params = array(
diff --git a/mod/search/pages/search/index.php b/mod/search/pages/search/index.php
index ede09329b..9542e0751 100644
--- a/mod/search/pages/search/index.php
+++ b/mod/search/pages/search/index.php
@@ -17,15 +17,7 @@ $search_type = get_input('search_type', 'all');
// XSS protection is more important that searching for HTML.
$query = stripslashes(get_input('q', get_input('tag', '')));
-// @todo - create function for sanitization of strings for display in 1.8
-// encode <,>,&, quotes and characters above 127
-if (function_exists('mb_convert_encoding')) {
- $display_query = mb_convert_encoding($query, 'HTML-ENTITIES', 'UTF-8');
-} else {
- // if no mbstring extension, we just strip characters
- $display_query = preg_replace("/[^\x01-\x7F]/", "", $query);
-}
-$display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);
+$display_query = _elgg_get_display_query($query);
// check that we have an actual query
if (!$query) {