// If a catgegory ID is supplied
if ($catId = filter_var( $categoryId, FILTER_VALIDATE_INT )) {
$events = $this->getEventsByCategory( $catId, $limit );
- // Else if a category name is supplied
- } else if ($term = filter_var( $categoryId, FILTER_SANITIZE_STRING )) {
- $searchTerm = $this->wpdb->esc_like( $term );
- $where .= "T.name like '%" . $searchTerm . "%'
+ // Else if a event name is supplied
+ } else if ($term = filter_var( $categoryId, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES )) {
+ $searchTerm = $this->wpdb->esc_like( stripslashes( $term ) );
+ $where .= "T.name like '%" . $term . "%'
AND T.status = " . $this->config['status_numb']['Active'] . "
AND T.id IN (
SELECT event
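Review bot: The new `$where` line concatenates `$term` into the LIKE clause, while the `$searchTerm` computed on the line above is never used. Because this change also adds `FILTER_FLAG_NO_ENCODE_QUOTES`, the value now reaches the SQL string with its quote characters no longer encoded. `esc_like()` only escapes LIKE wildcards, so even `$searchTerm` needs SQL escaping before it is concatenated. I would change the line to `$where .= "T.name like '%" . esc_sql( $searchTerm ) . "%'`, or build the clause with `$this->wpdb->prepare()`. The enclosing method and the rest of the subquery are outside the hunk, so how `$categoryId` reaches this code is not visible here.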
)
";
$order = "T.id";
- //$order .= " LIMIT {$limit} OFFSET 0";
- //echo '<pre>$order: ' . print_r($order, true) . '</pre>';
$events = $this->getList( $where, $order );
- //echo '<pre>$events: ' . print_r($events, true) . '</pre>';
// Otherwise get all categories
} else {
$where .= "T.status = " . $this->config['status_numb']['Active'] . "
}
//echo '<pre>$this->dateRange: ' . print_r($this->dateRange, true) . '</pre>';
- if (isset($_REQUEST['event_name']) && $eventNameSearch = filter_var($_REQUEST['event_name'], FILTER_SANITIZE_STRING)) {
+ if (isset($_REQUEST['event_name'])
+ && $eventNameSearch = filter_var($_REQUEST['event_name'], FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES)) {
$search = true;
$action = 'event-list-name';
} else {
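Review bot: `FILTER_SANITIZE_STRING` is deprecated as of PHP 8.1, and with `FILTER_FLAG_NO_ENCODE_QUOTES` added here `$eventNameSearch` keeps its quotes plus whatever slashes the request data carries. Only the template value in the last hunk is passed through `stripslashes()`, so any other consumer of `$eventNameSearch` (none is visible in this hunk) would see the slashed form and has to escape it itself. I would normalise once at input, e.g. `$eventNameSearch = sanitize_text_field( wp_unslash( $_REQUEST['event_name'] ) )`, and escape at each sink. The same filter and flag are applied to `$categoryId` in the first hunk.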
'catEvents' => $categoryEvents,
'fromDate' => $fromDate,
'toDate' => $toDate,
- 'eventName' => $eventNameSearch,
+ 'eventName' => stripslashes( $eventNameSearch ),
'imgUrl' => GLM_MEMBERS_PLUGIN_MEDIA_URL . '/images/small/',
'calDates' => $calDates
);
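Review bot: `'eventName'` is now handed to the view with its quotes unencoded, since the filter no longer encodes them and `stripslashes()` removes the backslashes. If the template prints this value into an HTML attribute such as a search field's `value`, a quote in the name would end the attribute early unless the template escapes it. The template is not part of this diff, so that should be confirmed. Escaping at this point with `'eventName' => esc_attr( stripslashes( $eventNameSearch ) ),` or applying the template engine's escape modifier at the point of output would cover it.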