aboutsummaryrefslogtreecommitdiffstats
path: root/mod/search.php
diff options
context:
space:
mode:
Diffstat (limited to 'mod/search.php')
-rw-r--r--mod/search.php9
1 files changed, 5 insertions, 4 deletions
diff --git a/mod/search.php b/mod/search.php
index d4cd9d967..466ffc4c3 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -110,18 +110,19 @@ function search_content(&$a) {
if (get_config('system','use_fulltext_engine')) {
if($tag)
- $sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.preg_quote($search));
+ $sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.dbesc(protect_sprintf($search)));
else
- $sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(preg_quote($search)));
+ $sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(protect_sprintf($search)));
} else {
if($tag)
- $sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", dbesc('\\]' . preg_quote($search) . '\\['));
+ $sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", dbesc('\\]' . protect_sprintf(preg_quote($search)) . '\\['));
else
- $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(preg_quote($search)));
+ $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search))));
}
+
// Here is the way permissions work in the search module...
// Only public posts can be shown
// OR your own posts if you are a logged in member