From ce397b5423636181de8ca1c8997eb021e8d6e6b4 Mon Sep 17 00:00:00 2001
From: brettp
Date: Mon, 9 Nov 2009 21:08:45 +0000
Subject: Sanitising string on tag search.
git-svn-id: http://code.elgg.org/elgg/trunk@3647 36083f99-b078-4883-b0ff-0f9b5a30f544
---
mod/search/search_hooks.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'mod/search/search_hooks.php')
diff --git a/mod/search/search_hooks.php b/mod/search/search_hooks.php
index 95ef3fc85..60cb1e8c4 100644
--- a/mod/search/search_hooks.php
+++ b/mod/search/search_hooks.php
@@ -164,7 +164,8 @@ function search_users_hook($hook, $type, $value, $params) {
 function search_tags_hook($hook, $type, $value, $params) {
 global $CONFIG;
- $query = $params['query'];
+ // @todo will need to split this up to support searching multiple tags at once.
+ $query = santitise_string($params['query']);
 $params['metadata_name_value_pair'] = array ('name' => 'tags', 'value' => $query, 'case_sensitive' => FALSE);
 $entities = elgg_get_entities_from_metadata($params);
-- cgit v1.2.3
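Review bot: `santitise_string` on the added `$query` line looks like a misspelling of Elgg's `sanitise_string()`; unless a function with that exact spelling is defined elsewhere, every tag search will stop with a fatal undefined-function error and the escaping this commit intends never runs. The line should read `$query = sanitise_string($params['query']);`. It is also worth confirming whether `elgg_get_entities_from_metadata()` escapes the `value` of `metadata_name_value_pair` itself: escaping in both places would make tags containing quotes stop matching, while relying on the wrong one leaves the request's query string reaching SQL unescaped. The body of `search_tags_hook` continues past the end of the hunk, so how `$entities` is used afterwards is not visible here.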