From 6be51470968a681642b9d9def48921337b8ab73d Mon Sep 17 00:00:00 2001
From: Steve Sutton
Date: Mon, 20 Jun 2016 12:36:56 -0400
Subject: [PATCH] Update the search to deal with single quotes the filter is adding the slashes.
---
 models/front/events/baseAction.php | 11 ++++-------
 models/front/events/list.php | 5 +++--
 2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/models/front/events/baseAction.php b/models/front/events/baseAction.php
index f50282b..46752e3 100644
--- a/models/front/events/baseAction.php
+++ b/models/front/events/baseAction.php
@@ -88,10 +88,10 @@ abstract class GlmMembersFront_events_baseAction extends GlmDataEvents
 // If a catgegory ID is supplied
 if ($catId = filter_var( $categoryId, FILTER_VALIDATE_INT )) {
 $events = $this->getEventsByCategory( $catId, $limit );
- // Else if a category name is supplied
- } else if ($term = filter_var( $categoryId, FILTER_SANITIZE_STRING )) {
- $searchTerm = $this->wpdb->esc_like( $term );
- $where .= "T.name like '%" . $searchTerm . "%'
+ // Else if a event name is supplied
+ } else if ($term = filter_var( $categoryId, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES )) {
+ $searchTerm = $this->wpdb->esc_like( stripslashes( $term ) );
+ $where .= "T.name like '%" . $term . "%'
 AND T.status = " . $this->config['status_numb']['Active'] . " AND T.id IN ( SELECT event
@@ -115,10 +115,7 @@ abstract class GlmMembersFront_events_baseAction extends GlmDataEvents
 ) ";
 $order = "T.id";
- //$order .= " LIMIT {$limit} OFFSET 0";
- //echo '
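Review bot: The added `$where .= "T.name like '%" . $term . "%'` line concatenates `$term` rather than `$searchTerm`, so the `esc_like( stripslashes( $term ) )` result computed one line above is never used, and with `FILTER_FLAG_NO_ENCODE_QUOTES` the filter no longer encodes quotes before the value reaches the SQL string. The only escaping left is whatever slashes were already on the input, which the commit message attributes to the filter but which presumably come from the request layer; `$categoryId` is set outside this hunk, so that cannot be confirmed here. `esc_like()` escapes only LIKE wildcards and is not SQL-safe by itself, so bind the value instead: `$where .= $this->wpdb->prepare( "T.name like %s", '%' . $searchTerm . '%' ) . "` followed by the existing `AND T.status = …` continuation. The same flag is added in models/front/events/list.php at @@ -144, which looks like where this value originates. The enclosing method starts and ends outside the hunk.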
$order: ' . print_r($order, true) . '
';
 $events = $this->getList( $where, $order );
- //echo '
$events: ' . print_r($events, true) . '
';
 // Otherwise get all categories
 } else {
 $where .= "T.status = " . $this->config['status_numb']['Active'] . "
diff --git a/models/front/events/list.php b/models/front/events/list.php
index e9a8f4c..6534ac7 100644
--- a/models/front/events/list.php
+++ b/models/front/events/list.php
@@ -144,7 +144,8 @@ class GlmMembersFront_events_list extends GlmMembersFront_events_baseAction
 }
 //echo '
$this->dateRange: ' . print_r($this->dateRange, true) . '
';
- if (isset($_REQUEST['event_name']) && $eventNameSearch = filter_var($_REQUEST['event_name'], FILTER_SANITIZE_STRING)) {
+ if (isset($_REQUEST['event_name'])
+ && $eventNameSearch = filter_var($_REQUEST['event_name'], FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES)) {
 $search = true;
 $action = 'event-list-name';
 } else {
@@ -571,7 +572,7 @@ class GlmMembersFront_events_list extends GlmMembersFront_events_baseAction
 'catEvents' => $categoryEvents,
 'fromDate' => $fromDate,
 'toDate' => $toDate,
- 'eventName' => $eventNameSearch,
+ 'eventName' => stripslashes( $eventNameSearch ),
 'imgUrl' => GLM_MEMBERS_PLUGIN_MEDIA_URL . '/images/small/',
 'calDates' => $calDates
 );
--
2.17.1
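Review bot: `'eventName' => stripslashes( $eventNameSearch )` now hands the view a value whose single and double quotes are no longer encoded, since the filter at @@ -144 gained `FILTER_FLAG_NO_ENCODE_QUOTES`; the template that prints `eventName` is not part of this patch, so confirm it escapes for its output context (for an HTML attribute, `esc_attr()`), otherwise a quote typed into the search field ends the attribute early. `$eventNameSearch` is also assigned only inside the `isset(...) &&` condition of that earlier hunk, so unless it is initialised outside the visible lines this call receives an undefined variable on every request without a search term. `'eventName' => ! empty( $eventNameSearch ) ? wp_unslash( $eventNameSearch ) : '',` handles the missing case and uses the WordPress helper meant for removing request slashes. The array being built starts outside the hunk.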