Dotclear

Changeset 3925:7ce8aa72db97 for inc


Timestamp:
11/12/18 11:38:15 (7 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
default
Message:

Better this way (in order to be coherent)

File:
1 edited

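--- a/inc/public/lib.urlhandlers.php
+++ b/inc/public/lib.urlhandlers.php
@@ -239,8 +239,6 @@
             $core->url->type = 'search';
 
-            $GLOBALS['_search'] = !empty($_GET['q']) ? rawurldecode($_GET['q']) : '';
+            $GLOBALS['_search'] = !empty($_GET['q']) ? html::escapeHTML(rawurldecode($_GET['q'])) : '';
             if ($GLOBALS['_search']) {
-                // Sanitize search string
-                $GLOBALS['_search'] = filter_var($GLOBALS['_search'], FILTER_SANITIZE_SPECIAL_CHARS);
                 $params = new ArrayObject(['search' => $GLOBALS['_search']]);
                 $core->callBehavior('publicBeforeSearchCount', $params);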
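Review bot: The value stored in `$GLOBALS['_search']` is HTML-escaped at input time and then reused as the search term in `$params` two lines later, so a query containing `&`, `<` or `"` is matched in its entity-encoded form, and any template that escapes it again will double-encode. The removed `FILTER_SANITIZE_SPECIAL_CHARS` call also encoded `'` and characters below ASCII 32; whether `html::escapeHTML()` covers single quotes is not visible here, so confirm that no theme prints `_search` inside a single-quoted attribute. Consider keeping the decoded string for the query and escaping only where it is rendered, or at least add a comment such as `// $_search is HTML-escaped here: do not re-escape it, and do not use it outside HTML text/attribute context`. `$_GET['q']` is also passed to `rawurldecode()` without an `is_string()` check, so an array-valued `q` is not rejected before it reaches the escaping call. The enclosing handler starts and ends outside this hunk.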