From 4e0f139f1ecd8e5400ebe4704e52a318a5d9530b Mon Sep 17 00:00:00 2001
From: Anthony Talarico
Date: Tue, 2 Feb 2016 08:32:22 -0500
Subject: [PATCH] strip tags and sanitize string for search queries

---
 index.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/index.php b/index.php
index 23156f5..736c380 100644
--- a/index.php
+++ b/index.php
@@ -459,7 +459,8 @@ function michsci_shortcode($atts)
     } else if ( $cat_id = filter_var( $_REQUEST['category'], FILTER_VALIDATE_INT ) ) {
         michsci_list_categories($cat_id);
     } else if ( !$catid_id && !$product_id ) {
-        $text_query = $_REQUEST['tsearch'];
+        $text_query = filter_var($_REQUEST['tsearch'], FILTER_SANITIZE_STRING);
+        strip_tags($text_query);
         if(isset($text_query)){
             setcookie("search", "true",time()+1, "/" );
-- 
2.17.1
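Review bot: The bare `strip_tags($text_query);` on the second added line is a no-op — strip_tags() returns the stripped string rather than modifying its argument, so the result has to be assigned back (or the call dropped, since FILTER_SANITIZE_STRING already removes tags). The first added line also changes the meaning of the `if(isset($text_query))` guard that follows: filter_var() never returns null, so that check is now always true even when `tsearch` is absent from the request, and the missing key still raises an undefined-index notice before the filter runs. Guarding on the request key instead, `$text_query = isset($_REQUEST['tsearch']) && is_string($_REQUEST['tsearch']) ? strip_tags($_REQUEST['tsearch']) : null;`, keeps the isset() check meaningful, rejects array-valued input, and avoids FILTER_SANITIZE_STRING, which is deprecated as of PHP 8.1. Stripping tags at input does not replace context-appropriate escaping (htmlspecialchars() for HTML output, a prepared statement for the query) wherever $text_query is later used; those uses, and the rest of michsci_shortcode(), lie outside this hunk.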