From 7c1c1b1fb48a055b230c7c9891b728ef05af10d5 Mon Sep 17 00:00:00 2001
From: Anthony Talarico
Date: Mon, 11 Sep 2017 15:38:27 -0400
Subject: [PATCH] fixing the filter var escaping issue with apostrophes using FILTER FLAG NO ENCODE QUOTES to leave those characters in names alone when searching. adding stripslashes to smarty output
---
models/front/obits/search.php | 8 +++-----
views/front/obits/searchResults.html | 4 ++--
2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/models/front/obits/search.php b/models/front/obits/search.php
index 1626818..eced1e2 100644
--- a/models/front/obits/search.php
+++ b/models/front/obits/search.php
@@ -179,7 +179,7 @@ class GlmMembersFront_obits_search extends GlmDataObits
if (isset($value) && $value !== '' && !in_array($value,$placeholders) ){ if( $value !== 'Search' && $key !== 'conditions' && $key !== 'results-limit'){ if(strpos($key,'-logic') === false && strpos($key,'not-') === false ) {
- $value = filter_var($value, FILTER_SANITIZE_STRING);
+ $value = filter_var($value, FILTER_SANITIZE_STRING,FILTER_FLAG_NO_ENCODE_QUOTES);
$search_fields[$key] = $value; } else { $search_options[$key] = $value;
@@ -236,6 +236,7 @@ class GlmMembersFront_obits_search extends GlmDataObits
// generate the WHERE clause string from the array of options if(!empty($search_fields)) $search = implode($clause, $search_fields); + // check the GET variables for sql queries with paging if( empty( $search ) && empty( $alpha_key) && empty($get_values) ){
@@ -260,13 +261,10 @@ class GlmMembersFront_obits_search extends GlmDataObits
} else { $where = substr($where, 0, -4); } - - + } else { - $where = $search; } - // begin paging if (isset($_REQUEST['pageSelect'])) {
diff --git a/views/front/obits/searchResults.html b/views/front/obits/searchResults.html
index de0e4ac..63478eb 100644
--- a/views/front/obits/searchResults.html
+++ b/views/front/obits/searchResults.html
@@ -30,7 +30,7 @@
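Review bot: With `FILTER_FLAG_NO_ENCODE_QUOTES` on the `filter_var` call in the hunk at line 179 of search.php, `$search_fields[$key]` now carries raw `'` and `"`, and the hunk at line 236 shows those fields joined by `implode($clause, $search_fields)` into the string that becomes `$where`. The lines between the two hunks are outside this patch, so whether each value is escaped or bound before it reaches the WHERE string cannot be confirmed here; if it is not, the entity-encoding this change removes was what kept an apostrophe from closing the SQL literal. Bind the value as a query parameter, or escape it with the database layer's own function, where the condition is built, and record that at this line with a comment such as `// quotes kept for name matching; SQL escaping is done where the condition is built`. The same raw value is presumably what searchResults.html prints after the new stripslashes, so that output needs HTML escaping in the template (Smarty's `escape` modifier), since `filter_var` no longer encodes quotes. `FILTER_SANITIZE_STRING` is also deprecated as of PHP 8.1, so it should not remain the long-term input filter.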
- +
@@ -55,7 +55,7 @@
- +
-- 2.17.1