From a867d66e7701e24a57ca55841594b35bbebdc366 Mon Sep 17 00:00:00 2001
From: cash
Date: Sat, 2 Apr 2011 19:45:39 +0000
Subject: Refs #3179 pulled fix for search query encoding into trunk from 1.7 branch

git-svn-id: http://code.elgg.org/elgg/trunk@8919 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 mod/search/views/default/search/search_box.php | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'mod/search/views')

diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php
index 7561a3767..ff5910937 100644
--- a/mod/search/views/default/search/search_box.php
+++ b/mod/search/views/default/search/search_box.php
@@ -15,8 +15,15 @@ if (array_key_exists('value', $vars)) {
 	$value = elgg_echo('search');
 }
+// @todo - why the strip slashes?
 $value = stripslashes($value);
+// @todo - create function for sanitization of strings for display in 1.8
+// encode <,>,&, quotes and characters above 127
+$display_query = mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8');
+$display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);
+
+
 ?>