aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2012-05-29 17:14:35 -0700
committerfriendica <info@friendica.com>2012-05-29 17:14:35 -0700
commit514c994e6a323cd8075da1442c32e65f036539ff (patch)
treebfc585c96c00b7e76ca20eb4334ba6d8d18d23b6 /mod
parent21d79e787ef6a1fd183a4f439c2488110841b530 (diff)
downloadvolse-hubzilla-514c994e6a323cd8075da1442c32e65f036539ff.tar.gz
volse-hubzilla-514c994e6a323cd8075da1442c32e65f036539ff.tar.bz2
volse-hubzilla-514c994e6a323cd8075da1442c32e65f036539ff.zip
possible sql injection in search
Diffstat (limited to 'mod')
-rw-r--r--mod/search.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/mod/search.php b/mod/search.php
index 20007ada7..466ffc4c3 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -110,7 +110,7 @@ function search_content(&$a) {
if (get_config('system','use_fulltext_engine')) {
if($tag)
- $sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.protect_sprintf($search));
+ $sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.dbesc(protect_sprintf($search)));
else
$sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(protect_sprintf($search)));
} else {