From: Anthony Talarico
Date: Tue, 2 Feb 2016 13:32:22 +0000 (-0500)
Subject: strip tags and sanitize string for search queries
X-Git-Url: http://cvs2.gaslightmedia.com/gitweb/?a=commitdiff_plain;h=4e0f139f1ecd8e5400ebe4704e52a318a5d9530b;p=WP-Plugins%2Fmichsci-products.git
strip tags and sanitize string for search queries
---
diff --git a/index.php b/index.php
index 23156f5..736c380 100644
--- a/index.php
+++ b/index.php
@@ -459,7 +459,8 @@ function michsci_shortcode($atts)
 } else if ( $cat_id = filter_var( $_REQUEST['category'], FILTER_VALIDATE_INT ) ) {
 michsci_list_categories($cat_id);
 } else if ( !$catid_id && !$product_id ) {
- $text_query = $_REQUEST['tsearch'];
+ $text_query = filter_var($_REQUEST['tsearch'], FILTER_SANITIZE_STRING);
+ strip_tags($text_query);
 if(isset($text_query)){
 setcookie("search", "true",time()+1, "/" );
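Review bot: `strip_tags($text_query);` on the second added line discards its return value, so it changes nothing; the only sanitising that takes effect is `FILTER_SANITIZE_STRING`, which is deprecated since PHP 8.1. `filter_var()` also appears to turn a missing `tsearch` into an empty string rather than null, so the `isset($text_query)` check that follows would always pass and the search cookie would be set on every request reaching this branch. Since the repository path suggests a WordPress plugin, one line covers both: `$text_query = isset($_REQUEST['tsearch']) ? sanitize_text_field(wp_unslash($_REQUEST['tsearch'])) : null;`. Stripping tags on input does not replace escaping at the point of use, so the query that consumes `$text_query` (outside this hunk) still needs a prepared statement and any echo of it needs `esc_html()`; the body of michsci_shortcode starts and ends outside the hunk.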