Revision 490
Added by Matthias over 17 years ago
search.php | ||
---|---|---|
53 | 53 |
} else { |
54 | 54 |
$string=$_REQUEST['string']; |
55 | 55 |
} |
56 |
$string = $wb->add_slashes($string); |
|
56 | 57 |
// remove some bad chars like _single_ '"', '&'. '!", ... |
57 | 58 |
$string = preg_replace("/(^|\s+)([-=+_&!;#]|\\\\\"|\\\\')+(?=\s+|$)/", "", $string); |
58 |
$string = my_htmlspecialchars($string);
|
|
59 |
$string = strtr(my_htmlspecialchars($string), array('\"'=>'"'));
|
|
59 | 60 |
// reverse potential magic_quotes action |
60 | 61 |
$original_string=$wb->strip_slashes($string); |
61 | 62 |
// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons) |
62 |
$string = addslashes($wb->escape_backslashes($original_string));
|
|
63 |
$string = $wb->escape_backslashes($original_string);
|
|
63 | 64 |
// convert a copy of $string to HTML-ENTITIES |
64 | 65 |
$string_entities = umlauts_to_entities($string); |
65 | 66 |
// and do some convertion to both |
Also available in: Unified diff
Fixed issue with escaped single and double quotes in search result (Thanks to thorn)