author | dsa <dsa> | 2007-01-19 01:33:09 +0000 |
---|---|---|
committer | dsa <dsa> | 2007-01-19 01:33:09 +0000 |
commit | 0397ae8ff947b51cbef901fa28b77dfa59a9dc14 (patch) | |
tree | aab7b2b1c83e664ceae35c1a96a3c20dfe75f0f6 | |
parent | 06e4af2dbc2d69d90be7a60c0b6944629740aaad (diff) | |
download | aurweb-0397ae8ff947b51cbef901fa28b77dfa59a9dc14.tar.xz |
Solved #6191
-rw-r--r-- | web/lib/pkgfuncs.inc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index d7d1372..8ce26e3 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -714,8 +714,10 @@ function pkg_search_page($SID="") {
  print " <span class='f5'><span class='blue'>".__("Keywords");
  print "</span></span><br />\n";
  print " <input type='text' name='K' size='20'";
- $K = str_replace("\"", "", $_REQUEST["K"]); # TODO better testing for
- # SQL trickery...
+
+ # Added to trim() to avoid the problem described in #6191
+ $K = trim(str_replace("\"", "", $_REQUEST["K"])); # TODO better testing for SQL trickery...
+
  print " value=\"".stripslashes($K)."\" maxlength='35'>\n";
  print "</td>\n"; |
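Review bot: The new `$K = trim(str_replace(...))` line still treats deleting `"` from the request value as the only sanitisation, and the TODO about SQL trickery is carried over unresolved. For the `value="..."` attribute printed two lines below, encoding at the point of output is more robust and does not alter the keyword the user typed: replace `stripslashes($K)` with `htmlspecialchars(stripslashes($K), ENT_QUOTES)`. If `$K` also reaches the search query, which this hunk does not show, it needs escaping or a bound parameter at that call site, since neither `trim()` nor `str_replace()` provides that. The new comment would also be easier to maintain if it stated what the problem in #6191 was rather than only citing the number. `pkg_search_page` starts and continues outside the hunk.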