fixing the textsearch ajax model to allow for variable database column names from...
authorAnthony Talarico <talarico@gaslightmedia.com>
Thu, 4 Oct 2018 20:39:50 +0000 (16:39 -0400)
committerAnthony Talarico <talarico@gaslightmedia.com>
Thu, 4 Oct 2018 20:39:50 +0000 (16:39 -0400)
models/admin/ajax/glmTextSearch.php

index d9fa913..512fdb9 100644 (file)
@@ -75,9 +75,10 @@ class GlmMembersAdmin_ajax_glmTextSearch
         global $wpdb;
         $status = $this->config['status_numb']['Active'];
         if( isset( $_REQUEST['table'] ) ){
-            $clause         = filter_var($_REQUEST['where'], FILTER_SANITIZE_STRING);
-            $searchQuery    = filter_var($_REQUEST['query'], FILTER_SANITIZE_STRING);
-            $fields         = $_REQUEST['fields'];
+            $clause         = filter_var($_REQUEST['where'], FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
+            $clause         = stripslashes($clause);
+            $searchQuery    = filter_var($_REQUEST['query'], FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
+            $fields         = filter_var($_REQUEST['fields'], FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
             $fields         = stripslashes($fields);
             $table          = filter_var($_REQUEST['table'], FILTER_SANITIZE_STRING);
             $sql            = "SELECT $fields FROM $table where $clause like '%$searchQuery%'";
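Review bot: Every request value still ends up inside the SQL text on the `$sql = "SELECT $fields FROM $table where $clause like '%$searchQuery%'"` line, and the added `FILTER_FLAG_NO_ENCODE_QUOTES` and `stripslashes()` calls let quote characters through unescaped, so the query is injectable through `fields`, `table`, `where` and `query`. `FILTER_SANITIZE_STRING` only strips tags (and is deprecated since PHP 8.1); it is not SQL escaping. Identifiers should be checked against a server-side allow-list and the search term bound with `$wpdb->prepare()` and `$wpdb->esc_like()`, as sketched below. The table and column names in the sketch are placeholders, and the enclosing method starts and ends outside this hunk, so how a rejected request is reported depends on code not shown. The later hunk's `"test" => $sql` also returns the assembled query to the caller; it looks like leftover debugging and should be dropped.

```php
// … unchanged: global $wpdb; $status lookup; isset( $_REQUEST['table'] ) guard …
            // Placeholder allow-list: the tables and columns this search is permitted to read.
            $allowed = array(
                'TABLE_NAME_PLACEHOLDER' => array('COLUMN_PLACEHOLDER_1', 'COLUMN_PLACEHOLDER_2'),
            );

            $table     = (string) wp_unslash($_REQUEST['table']);
            $columns   = isset($allowed[$table]) ? $allowed[$table] : array();
            $clause    = isset($_REQUEST['where']) ? (string) wp_unslash($_REQUEST['where']) : '';
            $fieldList = isset($_REQUEST['fields'])
                ? array_map('trim', explode(',', (string) wp_unslash($_REQUEST['fields'])))
                : array();

            // Identifiers cannot be bound as parameters, so only exact allow-list matches are used.
            if ( $columns && $fieldList && in_array($clause, $columns, true) && !array_diff($fieldList, $columns) ) {
                $term = isset($_REQUEST['query']) ? (string) wp_unslash($_REQUEST['query']) : '';
                $sql  = $wpdb->prepare(
                    'SELECT ' . implode(', ', $fieldList) . " FROM $table WHERE $clause LIKE %s",
                    '%' . $wpdb->esc_like($term) . '%'
                );
            }
// … unchanged: query execution and $searchData assembly (outside the hunk) …
```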
@@ -93,6 +94,7 @@ class GlmMembersAdmin_ajax_glmTextSearch
         }
         
         $return = array(
+            "test"          => $sql,
             'searchData'    => $searchData        // Where our events list will go
         );