From: Anthony Talarico
Date: Thu, 4 Oct 2018 20:39:50 +0000 (-0400)
Subject: fixing the textsearch ajax model to allow for variable database column names from...
X-Git-Url: http://cvs2.gaslightmedia.com/gitweb/?a=commitdiff_plain;h=583747f6db8a4651fcfde505246d368c39110062;p=WP-Plugins%2Fglm-member-db.git

fixing the textsearch ajax model to allow for variable database column names from an ajax request
---

diff --git a/models/admin/ajax/glmTextSearch.php b/models/admin/ajax/glmTextSearch.php
index d9fa9136..512fdb99 100644
--- a/models/admin/ajax/glmTextSearch.php
+++ b/models/admin/ajax/glmTextSearch.php
@@ -75,9 +75,10 @@ class GlmMembersAdmin_ajax_glmTextSearch
 global $wpdb;
 $status = $this->config['status_numb']['Active'];
 if( isset( $_REQUEST['table'] ) ){
- $clause = filter_var($_REQUEST['where'], FILTER_SANITIZE_STRING);
- $searchQuery = filter_var($_REQUEST['query'], FILTER_SANITIZE_STRING);
- $fields = $_REQUEST['fields'];
+ $clause = filter_var($_REQUEST['where'], FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
+ $clause = stripslashes($clause);
+ $searchQuery = filter_var($_REQUEST['query'], FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
+ $fields = filter_var($_REQUEST['fields'], FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
 $fields = stripslashes($fields);
 $table = filter_var($_REQUEST['table'], FILTER_SANITIZE_STRING);
 $sql = "SELECT $fields FROM $table where $clause like '%$searchQuery%'";
@@ -93,6 +94,7 @@ class GlmMembersAdmin_ajax_glmTextSearch
 }
 $return = array(
+ "test" => $sql,
 'searchData' => $searchData // Where our events list will go
 );
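Review bot: The new filter_var calls with FILTER_FLAG_NO_ENCODE_QUOTES followed by stripslashes() let quote characters from `$_REQUEST['where']` and `$_REQUEST['fields']` reach the query unencoded, and all of these values are still interpolated straight into `$sql` on the hunk's last line, so the change widens rather than closes the injection surface in the `isset( $_REQUEST['table'] )` branch. FILTER_SANITIZE_STRING only strips tags and was never an SQL defence; `$table`, `$clause` and `$fields` are identifiers and cannot be bound with `$wpdb->prepare()`, so they should be checked against an allow-list of known tables/columns (or at minimum `/^[A-Za-z0-9_]+$/`) with the request rejected otherwise, while the `$searchQuery` value should be bound through `$wpdb->prepare()` with `$wpdb->esc_like()`. The format expected in `fields` is not visible here, so the sketch below assumes a comma-separated column list. The enclosing method starts before this hunk; the second hunk, which appears to echo `$sql` back to the client under `"test"`, is cut off by the end of the page and looks like a debugging artifact that should be dropped before merge.

```php
        if( isset( $_REQUEST['table'] ) ){
            // Identifiers cannot be bound as query parameters: accept only plain
            // names (an allow-list of known tables/columns is the stronger check).
            $table     = stripslashes( $_REQUEST['table'] );
            $clause    = isset( $_REQUEST['where'] ) ? stripslashes( $_REQUEST['where'] ) : '';
            $fieldList = array_map( 'trim', explode( ',', isset( $_REQUEST['fields'] ) ? stripslashes( $_REQUEST['fields'] ) : '' ) );
            $valid     = true;
            foreach ( array_merge( array( $table, $clause ), $fieldList ) as $ident ) {
                if ( ! preg_match( '/^[A-Za-z0-9_]+$/', $ident ) ) {
                    $valid = false; // reject rather than build the query
                }
            }
            if ( $valid ) {
                $fields      = implode( ', ', $fieldList );
                $searchQuery = isset( $_REQUEST['query'] ) ? stripslashes( $_REQUEST['query'] ) : '';
                $sql = $wpdb->prepare(
                    "SELECT $fields FROM $table WHERE $clause LIKE %s",
                    '%' . $wpdb->esc_like( $searchQuery ) . '%'
                );
                // … unchanged: query execution and $searchData population …
            }
```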