Refs #3661. Merged XSS fixes in search to master.

diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 10313fc8cd2370d442968d55f8caef8babb02b30..68aa7c8fb5ec876aea53ee707ecd2e826e669498 100644 (file)
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -1118,8 +1118,12 @@ function elgg_get_guid_based_where_sql($column, $guids) {
 
        $guids_sanitized = array();
        foreach ($guids as $guid) {
-               if (($guid != sanitise_int($guid))) {
-                       return FALSE;
+               if ($guid !== ELGG_ENTITIES_NO_VALUE) {
+                       $guid = sanitise_int($guid);
+
+                       if (!$guid) {
+                               return false;
+                       }
                }
                $guids_sanitized[] = $guid;
        }

diff --git a/mod/search/search_hooks.php b/mod/search/search_hooks.php
index 428d6f7006ad84c3b88c5156513b8e98c681191a..b302272fba2753ccab78ab833fec7decef4a60ad 100644 (file)
--- a/mod/search/search_hooks.php
+++ b/mod/search/search_hooks.php
@@ -202,6 +202,10 @@ function search_tags_hook($hook, $type, $value, $params) {
                $search_tag_names = $valid_tag_names;
        }
 
+       if (!$search_tag_names) {
+               return array('entities' => array(), 'count' => $count);
+       }
+
        // don't use elgg_get_entities_from_metadata() here because of
        // performance issues.  since we don't care what matches at this point
        // use an IN clause to grab everything that matches at once and sort
@@ -337,7 +341,7 @@ function search_comments_hook($hook, $type, $value, $params) {
 
        $container_and = '';
        if ($params['container_guid'] && $params['container_guid'] !== ELGG_ENTITIES_ANY_VALUE) {
-               $container_and = 'AND e.container_guid = ' . sanitise_string($params['container_guid']);
+               $container_and = 'AND e.container_guid = ' . sanitise_int($params['container_guid']);
        }
 
        $e_access = get_access_sql_suffix('e');