From 9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7 Mon Sep 17 00:00:00 2001
From: Brett Profitt
Date: Sun, 4 Sep 2011 17:43:56 -0700
Subject: Refs #3661. Merged XSS fixes in search to master.

---
 engine/lib/entities.php | 8 ++++++--
 mod/search/search_hooks.php | 6 +++++-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 10313fc8c..68aa7c8fb 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -1118,8 +1118,12 @@ function elgg_get_guid_based_where_sql($column, $guids) {
 $guids_sanitized = array();
 foreach ($guids as $guid) {
- if (($guid != sanitise_int($guid))) {
- return FALSE;
+ if ($guid !== ELGG_ENTITIES_NO_VALUE) {
+ $guid = sanitise_int($guid);
+
+ if (!$guid) {
+ return false;
+ }
 }
 $guids_sanitized[] = $guid;
 }
diff --git a/mod/search/search_hooks.php b/mod/search/search_hooks.php
index 428d6f700..b302272fb 100644
--- a/mod/search/search_hooks.php
+++ b/mod/search/search_hooks.php
@@ -202,6 +202,10 @@ function search_tags_hook($hook, $type, $value, $params) {
 $search_tag_names = $valid_tag_names;
 }
+ if (!$search_tag_names) {
+ return array('entities' => array(), 'count' => $count);
+ }
+
 // don't use elgg_get_entities_from_metadata() here because of
 // performance issues. since we don't care what matches at this point
 // use an IN clause to grab everything that matches at once and sort
@@ -337,7 +341,7 @@ function search_comments_hook($hook, $type, $value, $params) {
 $container_and = '';
 if ($params['container_guid'] && $params['container_guid'] !== ELGG_ENTITIES_ANY_VALUE) {
- $container_and = 'AND e.container_guid = ' . sanitise_string($params['container_guid']);
+ $container_and = 'AND e.container_guid = ' . sanitise_int($params['container_guid']);
 }
 $e_access = get_access_sql_suffix('e');
--
cgit v1.2.3
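Review bot: If `sanitise_int()` is a plain int cast, as its use as a bare sanitiser here suggests (it is defined outside this hunk), it truncates rather than rejects, so a value such as `"12abc"` passes the new `!$guid` test as 12 and is silently queried as a GUID the caller never supplied; only empty or fully non-numeric input reaches `return false`. Since the function already signals bad input with false, it is cleaner to reject anything that is not a plain digit string before the cast, `if (!ctype_digit((string) $guid)) { return false; }`, and keep `$guid = sanitise_int($guid);` after it. The strict `!==` against `ELGG_ENTITIES_NO_VALUE` is also worth a comment: if that sentinel is the integer 0 (not visible here), a request-derived string `"0"` is rejected while an integer 0 is accepted as "no value", so callers must pass the sentinel as an int. The rewrite does close the original hole, since the loose `!=` let numeric-prefixed strings through and then appended the raw value, whereas now only the cast result reaches `$guids_sanitized`. elgg_get_guid_based_where_sql continues past the end of the hunk.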
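Review bot: The early return reports `'count' => $count`, but nothing in the hunk assigns `$count`; if it is not set earlier in search_tags_hook (the function's start is outside the hunk) this raises an undefined-variable notice and returns a null count, and if it is a total computed before the tag filter it would report matches while `entities` is empty. An empty tag list has no matches either way, so `return array('entities' => array(), 'count' => 0);` is the unambiguous value. The guard itself is the right addition: a `tag_names` parameter naming only unregistered tags would otherwise reach the IN-clause query the following comment describes with an empty list. A one-line comment above it stating the reason, e.g. `// every requested tag was rejected as unregistered; nothing to search`, would help the next reader.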
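Review bot: With `sanitise_int()` in place of `sanitise_string()` the concatenated `container_guid` is now a plain integer, which is the right fix, but a non-numeric value silently becomes `AND e.container_guid = 0` and the search quietly matches nothing, whereas the entities.php hunk in this same commit treats a GUID that casts to 0 as an error. For consistency, cast once and reject the zero case, `$container_guid = sanitise_int($params['container_guid']); if (!$container_guid) { return null; }` with `null` replaced by whatever this hook returns for "no result", then concatenate `$container_guid`. The `!== ELGG_ENTITIES_ANY_VALUE` test is presumably redundant if that sentinel is null or 0, because the preceding truthiness test already excludes both, though the constant's value is not visible here. search_comments_hook begins and continues outside the hunk.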