Refs #1086: Fixes specific issues mentioned pending KSES fix / replacement

git-svn-id: https://code.elgg.org/elgg/trunk@3369 36083f99-b078-4883-b0ff-0f9b5a30f544

diff --git a/search/groups.php b/search/groups.php
index a925dfea2c2128910e92e6e880afc78f8d51acb2..d3e6f7686c85f6ad7f0b6ad798738688e48850f9 100644 (file)
--- a/search/groups.php
+++ b/search/groups.php
@@ -19,7 +19,7 @@
                set_context('search');\r
                \r
        // Get input\r
-               $tag = get_input('tag');\r
+               $tag = stripslashes(get_input('tag'));\r
                \r
                if (!empty($tag)) {\r
                        $title = sprintf(elgg_echo('groups:searchtitle'),$tag);\r

diff --git a/search/index.php b/search/index.php
index 8cadcdcf64e2c5265a95fdfa3766c17ec185b5f9..038d494fb77a3bfc2636e91a905ffe22eeeb4496 100644 (file)
--- a/search/index.php
+++ b/search/index.php
@@ -19,15 +19,15 @@
                set_context('search');\r
                \r
        // Get input\r
-               $tag = get_input('tag');\r
-               $subtype = get_input('subtype');\r
-               if (!$objecttype = get_input('object')) {\r
+               $tag = stripslashes(get_input('tag'));\r
+               $subtype = stripslashes(get_input('subtype'));\r
+               if (!$objecttype = stripslashes(get_input('object'))) {\r
                        $objecttype = "";\r
                }\r
-               if (!$md_type = get_input('tagtype')) {\r
+               if (!$md_type = stripslashes(get_input('tagtype'))) {\r
                        $md_type = "";                  \r
                }\r
-               $owner_guid = get_input('owner_guid',0);\r
+               $owner_guid = (int)get_input('owner_guid',0);\r
                if (substr_count($owner_guid,',')) {\r
                        $owner_guid_array = explode(",",$owner_guid);\r
                } else {\r

diff --git a/search/users.php b/search/users.php
index 89f679618b6ee4a6edb8c111ef7f1d9f59f5ceab..e07feddbb2213770ac2037946781f244c5a14a90 100644 (file)
--- a/search/users.php
+++ b/search/users.php
@@ -13,13 +13,13 @@
         */\r
 \r
        // Load Elgg engine\r
-               require_once(dirname(dirname(__FILE__)) . "/engine/start.php");\r
+               require_once(dirname(dirname(__FILE__)) . "/engine/start.php");
                \r
        // Set context\r
                set_context('search');\r
                \r
        // Get input\r
-               $tag = get_input('tag');\r
+               $tag = stripslashes(get_input('tag'));\r
                \r
                if (!empty($tag)) {\r
                        $title = sprintf(elgg_echo('users:searchtitle'),$tag);\r