From: Chuck Scott
Date: Mon, 15 Aug 2016 14:44:35 +0000 (-0400)
Subject: The text search window was vulnerable to double-quote marks in the package names.
X-Git-Tag: v1.1.14^2~9
X-Git-Url: http://cvs2.gaslightmedia.com/gitweb/?a=commitdiff_plain;h=c2c32c1bb2914c4f74acd9bc11e303e4663e2455;p=WP-Plugins%2Fglm-member-db-packaging.git

The text search window was vulnerable to double-quote marks in the package names.
Now filtering those out from the list.
---

diff --git a/views/admin/packaging/index.html b/views/admin/packaging/index.html
index 8d48d49..2810b9f 100644
--- a/views/admin/packaging/index.html
+++ b/views/admin/packaging/index.html
@@ -371,7 +371,7 @@ var availableTags = [
 {if $havePackages}
 {foreach $packages as $p}
- { label: "{$p.title|unescape:'html'} - {$p.ref_dest_name|unescape:'html'}", id: '{$p.id}', memb: '{if isset($p.member)}{$p.member.member_pointer}{else}0{/if}' },
+ { label: "{$p.title|unescape:'html'|replace:'"':''} - {$p.ref_dest_name|unescape:'html'|replace:'"':''}", id: '{$p.id}', memb: '{if isset($p.member)}{$p.member.member_pointer}{else}0{/if}' },
 {/foreach}
 {/if}
 ];
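Review bot: Removing only `"` on the new `label:` line still lets a backslash, a line break or a `</script>` sequence in a package title or destination name end the JavaScript string or the script block early, and `unescape:'html'` decodes any entity-encoded form of those characters just before they are written out. Escaping for the JavaScript context covers all of these and keeps the displayed name intact instead of silently dropping characters: use `{$p.title|unescape:'html'|escape:'javascript'}` and likewise for `ref_dest_name`, in place of `replace:'"':''`. The `id` and `memb` values on the same line are emitted into single-quoted strings with no escaping at all; they are presumably numeric, but that should be confirmed against the model, or they should get the same modifier.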