Index: trunk/wb/search/search.php
===================================================================
--- trunk/wb/search/search.php	(revision 712)
+++ trunk/wb/search/search.php	(revision 713)
@@ -83,7 +83,9 @@
 $search_path_SQL = "";
 $search_path = "";
 if(isset($_REQUEST['search_path'])) {
-	$search_path = $wb->add_slashes(strip_tags($_REQUEST['search_path']));
+	$search_path = $wb->add_slashes($_REQUEST['search_path']);
+	if(preg_match('/[\'"=()&+\\\\]/', $search_path))
+		$search_path = '';
 	if($search_path != '') {
 		$search_path_SQL = "AND ( ";
 		$not = "";
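Review bot: The character denylist added on the new side still leaves `$search_path` as free text that presumably gets concatenated into `$search_path_SQL` further down (the `if($search_path != '')` body runs past the hunk), so the SQL context is protected only by `$wb->add_slashes` plus this list rather than by the driver's own escaping or a bound parameter; if the database layer offers either, use it here and keep the regex only as a sanity check on the path shape. Because the regex runs after `add_slashes`, any input the escaper altered will match `\\\\` and be discarded — possibly intended, but it deserves a comment such as `// reject paths containing quote, operator or escape characters; add_slashes() runs first, so an escaped quote is also rejected via its backslash`. The rejection is silent: `$search_path_SQL` stays empty and the search proceeds without the path restriction and without telling the user, so consider surfacing a message or logging the rejected value. Style: the single-statement `if` has no braces while the neighbouring conditionals use them; `if(preg_match(...)) { $search_path = ''; }` would match.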
