From dc4e11800a15fa47235373cfbe625199fd4bd7ac Mon Sep 17 00:00:00 2001 From: marcus Date: Tue, 30 Jun 2009 16:43:41 +0000 Subject: Refs #1086: Fixes specific issues mentioned pending KSES fix / replacement git-svn-id: https://code.elgg.org/elgg/trunk@3369 36083f99-b078-4883-b0ff-0f9b5a30f544 --- search/groups.php | 2 +- search/index.php | 10 +++++----- search/users.php | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/search/groups.php b/search/groups.php index a925dfea2..d3e6f7686 100644 --- a/search/groups.php +++ b/search/groups.php @@ -19,7 +19,7 @@ set_context('search'); // Get input - $tag = get_input('tag'); + $tag = stripslashes(get_input('tag')); if (!empty($tag)) { $title = sprintf(elgg_echo('groups:searchtitle'),$tag); diff --git a/search/index.php b/search/index.php index 8cadcdcf6..038d494fb 100644 --- a/search/index.php +++ b/search/index.php @@ -19,15 +19,15 @@ set_context('search'); // Get input - $tag = get_input('tag'); - $subtype = get_input('subtype'); - if (!$objecttype = get_input('object')) { + $tag = stripslashes(get_input('tag')); + $subtype = stripslashes(get_input('subtype')); + if (!$objecttype = stripslashes(get_input('object'))) { $objecttype = ""; } - if (!$md_type = get_input('tagtype')) { + if (!$md_type = stripslashes(get_input('tagtype'))) { $md_type = ""; } - $owner_guid = get_input('owner_guid',0); + $owner_guid = (int)get_input('owner_guid',0); if (substr_count($owner_guid,',')) { $owner_guid_array = explode(",",$owner_guid); } else { diff --git a/search/users.php b/search/users.php index 89f679618..e07feddbb 100644 --- a/search/users.php +++ b/search/users.php 
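Review bot: `stripslashes()` only undoes backslash escaping and is not an encoding step for any output context, yet in `search/groups.php` the next visible line feeds `$tag` straight into `$title` via `sprintf(elgg_echo('groups:searchtitle'),$tag)`. Whether the title is encoded when it is rendered is not visible in this hunk, so I would escape at the point of use, e.g. `$title = sprintf(elgg_echo('groups:searchtitle'), htmlspecialchars($tag, ENT_QUOTES, 'UTF-8'));`, and keep the unescaped `$tag` for the search itself. The same `stripslashes(get_input(...))` assignment appears in the `search/index.php` and `search/users.php` hunks, and `users.php` builds its title the same way. A short comment such as `// stripslashes() is not sanitisation; encode $tag where it is output` would keep this stopgap from being mistaken for the pending KSES fix. The `if (!empty($tag))` block continues outside the hunk.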
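Review bot: The new `(int)` cast on `$owner_guid` in `search/index.php` makes the comma branch directly below it unreachable: once the value is an integer, `substr_count($owner_guid,',')` is always 0, so a request carrying a comma-separated list of owner GUIDs is silently reduced to its first number. If list input is still meant to be supported, keep the raw value for the test and cast per element, e.g. `$owner_guid = get_input('owner_guid',0);` followed by `$owner_guid_array = array_map('intval', explode(",",$owner_guid));` inside the `if`, with a single `(int)` cast on the scalar in the `else` path. The `else` branch is cut off by the hunk, so how the scalar value is used afterwards cannot be checked from here.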
@@ -13,13 +13,13 @@ */ // Load Elgg engine - require_once(dirname(dirname(__FILE__)) . "/engine/start.php"); + require_once(dirname(dirname(__FILE__)) . "/engine/start.php"); // Set context set_context('search'); // Get input - $tag = get_input('tag'); + $tag = stripslashes(get_input('tag')); if (!empty($tag)) { $title = sprintf(elgg_echo('users:searchtitle'),$tag); -- cgit v1.2.3