projects / WP-Plugins / michsci-products.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 501a138)
strip tags and sanitize string for search queries
authorAnthony Talarico <talarico@gaslightmedia.com>
Tue, 2 Feb 2016 13:32:22 +0000 (08:32 -0500)
committerAnthony Talarico <talarico@gaslightmedia.com>
Tue, 2 Feb 2016 13:32:22 +0000 (08:32 -0500)
index.php patch | blob | history

diff --git a/index.php b/index.php
index 23156f5..736c380 100644 (file)
--- a/index.php
+++ b/index.php
@@ -459,7 +459,8 @@ function michsci_shortcode($atts)
     } else if ( $cat_id = filter_var( $_REQUEST['category'], FILTER_VALIDATE_INT ) ) {
         michsci_list_categories($cat_id);
     } else if ( !$catid_id && !$product_id ) {
-        $text_query = $_REQUEST['tsearch'];
+        $text_query = filter_var($_REQUEST['tsearch'], FILTER_SANITIZE_STRING);
+        strip_tags($text_query);
         if(isset($text_query)){
             setcookie("search", "true",time()+1, "/" );