Changeset 3924:6da65c37fbf6

Timestamp:

11/12/18 11:29:51 (7 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Sanitize a little bit search string

File:

• inc/public/lib.urlhandlers.php (modified) (1 diff)

inc/public/lib.urlhandlers.php

@@ -241 +241 @@
             $GLOBALS['_search'] = !empty($_GET['q']) ? rawurldecode($_GET['q']) : '';
             if ($GLOBALS['_search']) {
+                // Sanitize search string
+                $GLOBALS['_search'] = filter_var($GLOBALS['_search'], FILTER_SANITIZE_SPECIAL_CHARS);
                 $params = new ArrayObject(['search' => $GLOBALS['_search']]);
                 $core->callBehavior('publicBeforeSearchCount', $params);