Revision 490
Added by Matthias over 18 years ago
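--- a/search.php
+++ b/search.php
@@ -53,13 +53,14 @@
 } else {
 $string=$_REQUEST['string'];
 }
+$string = $wb->add_slashes($string);
 // remove some bad chars like _single_ '"', '&'. '!", ...
 $string = preg_replace("/(^|\s+)([-=+_&!;#]|\\\\\"|\\\\')+(?=\s+|$)/", "", $string);
-$string = my_htmlspecialchars($string);
+$string = strtr(my_htmlspecialchars($string), array('\"'=>'"'));
 // reverse potential magic_quotes action
 $original_string=$wb->strip_slashes($string);
 // Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons)
-$string = addslashes($wb->escape_backslashes($original_string));
+$string = $wb->escape_backslashes($original_string);
 // convert a copy of $string to HTML-ENTITIES
 $string_entities = umlauts_to_entities($string);
 // and do some convertion to both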
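Review bot: On new line 63 the `addslashes()` wrapper is dropped from the value that the comment above says is used in MySQL LIKE comparisons, so SQL quoting of `$string` now depends on the `$wb->add_slashes()` call added at line 56 surviving `my_htmlspecialchars()`, the `strtr()` un-escape of `\"` and `$wb->strip_slashes()`. None of those helpers are visible here; if `strip_slashes()` removes what `add_slashes()` added, a quote from `$_REQUEST['string']` could reach the query unescaped unless `my_htmlspecialchars()` encodes both quote styles. I would keep the display value and the query value separate and apply the SQL escape last, e.g. `$string = addslashes($wb->escape_backslashes($original_string));` or the database layer's own escaping function, with the quote fix done only on `$original_string`. The query construction is outside this hunk, so this needs checking against the place where `$string` is interpolated.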
Fixed issue with escaped single and double quotes in search result (Thanks to thorn)