diff options
Diffstat (limited to 'web/lib/pkgfuncs.inc.php')
-rw-r--r-- | web/lib/pkgfuncs.inc.php | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index b078c48..88b18b8 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -457,11 +457,9 @@ function pkg_search_page($SID="", $dbh=NULL) { } if (isset($_GET['K'])) { - $_GET['K'] = db_escape_string(trim($_GET['K'])); - # Search by maintainer if (isset($_GET["SeB"]) && $_GET["SeB"] == "m") { - $q_where .= "AND Users.Username = '".$_GET['K']."' "; + $q_where .= "AND Users.Username = '".db_escape_string($_GET['K'])."' "; } # Search by submitter elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "s") { @@ -469,16 +467,16 @@ function pkg_search_page($SID="", $dbh=NULL) { } # Search by name elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "n") { - $q_where .= "AND (Name LIKE '%".$_GET['K']."%') "; + $q_where .= "AND (Name LIKE '%".db_escape_like($_GET['K'])."%') "; } # Search by name (exact match) elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "x") { - $q_where .= "AND (Name = '".$_GET['K']."') "; + $q_where .= "AND (Name = '".db_escape_string($_GET['K'])."') "; } # Search by name and description (Default) else { - $q_where .= "AND (Name LIKE '%".$_GET['K']."%' OR "; - $q_where .= "Description LIKE '%".$_GET['K']."%') "; + $q_where .= "AND (Name LIKE '%".db_escape_like($_GET['K'])."%' OR "; + $q_where .= "Description LIKE '%".db_escape_like($_GET['K'])."%') "; } } |