summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordsa <dsa>2007-01-19 01:33:09 +0000
committerdsa <dsa>2007-01-19 01:33:09 +0000
commit0397ae8ff947b51cbef901fa28b77dfa59a9dc14 (patch)
treeaab7b2b1c83e664ceae35c1a96a3c20dfe75f0f6
parent06e4af2dbc2d69d90be7a60c0b6944629740aaad (diff)
downloadaurweb-0397ae8ff947b51cbef901fa28b77dfa59a9dc14.tar.xz
Solved #6191
-rw-r--r--web/lib/pkgfuncs.inc6
1 files changed, 4 insertions, 2 deletions
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index d7d1372..8ce26e3 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -714,8 +714,10 @@ function pkg_search_page($SID="") {
print " <span class='f5'><span class='blue'>".__("Keywords");
print "</span></span><br />\n";
print " <input type='text' name='K' size='20'";
- $K = str_replace("\"", "", $_REQUEST["K"]); # TODO better testing for
- # SQL trickery...
+
+ # Added to trim() to avoid the problem described in #6191
+ $K = trim(str_replace("\"", "", $_REQUEST["K"])); # TODO better testing for SQL trickery...
+
print " value=\"".stripslashes($K)."\" maxlength='35'>\n";
print "</td>\n";