Sanitising string on tag search.

git-svn-id: http://code.elgg.org/elgg/trunk@3647 36083f99-b078-4883-b0ff-0f9b5a30f544

diff --git a/mod/search/search_hooks.php b/mod/search/search_hooks.php
index 95ef3fc85385f233b348f46b153e8c251f2ee0df..60cb1e8c4952a5ea9fa1142c30eb88e6303324c4 100644 (file)
--- a/mod/search/search_hooks.php
+++ b/mod/search/search_hooks.php
@@ -164,7 +164,8 @@ function search_users_hook($hook, $type, $value, $params) {
 function search_tags_hook($hook, $type, $value, $params) {
        global $CONFIG;
 
-       $query = $params['query'];
+       // @todo will need to split this up to support searching multiple tags at once.
+       $query = santitise_string($params['query']);
        $params['metadata_name_value_pair'] = array ('name' => 'tags', 'value' => $query, 'case_sensitive' => FALSE);
 
        $entities = elgg_get_entities_from_metadata($params);