Revision 656
Added by thorn almost 17 years ago
| search.php | ||
|---|---|---|
| 127 | 127 |
$string = $wb->strip_slashes($string); |
| 128 | 128 |
$string = htmlspecialchars($string); |
| 129 | 129 |
$search_display_string = $string; |
| 130 |
// do really addslashes() |
|
| 131 |
$string = $wb->add_slashes($string); |
|
| 130 |
$string = addslashes($string); |
|
| 132 | 131 |
// remove some bad chars |
| 133 | 132 |
$string = preg_replace("/(^|\s+)([.])+(?=\s+|$)/", "", $string);
|
| 134 | 133 |
// mySQL needs four backslashes to match one in LIKE comparisons) |
Also available in: Unified diff
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].