2 files changed, 7 insertions, 6 deletions

diff --git a/mod/network.php b/mod/network.php
index a94272a42..7c4c1ac04 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -437,8 +437,8 @@ function network_content(&$a, $update = 0) {
 		else
 			$sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ",
 				dbesc(protect_sprintf('%' . $myurl)),
-				dbesc(protect_sprintf('%' . $myurl . '\\]%')),
-				dbesc(protect_sprintf('%' . $diasp_url . '\\]%'))
+				dbesc(protect_sprintf('%' . $myurl . ']%')),
+				dbesc(protect_sprintf('%' . $diasp_url . ']%'))
 			);
 
 	}
diff --git a/mod/search.php b/mod/search.php
index d4cd9d967..20007ada7 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -110,18 +110,19 @@ function search_content(&$a) {
 
 	if (get_config('system','use_fulltext_engine')) {
 		if($tag)
-			$sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.preg_quote($search));
+			$sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.protect_sprintf($search));
 		else
-			$sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(preg_quote($search)));
+			$sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(protect_sprintf($search)));
 	} else {
 		if($tag)
-			$sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", 	dbesc('\\]' . preg_quote($search) . '\\['));
+			$sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", 	dbesc('\\]' . protect_sprintf(preg_quote($search)) . '\\['));
 		else
-			$sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(preg_quote($search)));
+			$sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search))));
 	}
 
 
 
+
 	// Here is the way permissions work in the search module...
 	// Only public posts can be shown
 	// OR your own posts if you are a logged in member