Diffstat (limited to 'web/lib')
-rw-r--r-- | web/lib/pkgfuncs.inc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index d7d1372..8ce26e3 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -714,8 +714,10 @@ function pkg_search_page($SID="") {
 print " <span class='f5'><span class='blue'>".__("Keywords");
 print "</span></span><br />\n";
 print " <input type='text' name='K' size='20'";
- $K = str_replace("\"", "", $_REQUEST["K"]); # TODO better testing for
- # SQL trickery...
+
+ # Added to trim() to avoid the problem described in #6191
+ $K = trim(str_replace("\"", "", $_REQUEST["K"])); # TODO better testing for SQL trickery...
+
 print " value=\"".stripslashes($K)."\" maxlength='35'>\n";
 print "</td>\n"; |
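Review bot: The new `$K` line still sanitises the reflected search keyword only by deleting double quotes, and the value is then printed into the `value="…"` attribute without HTML encoding; encoding at the print site is the more robust control, e.g. `print " value=\"".htmlspecialchars(stripslashes($K), ENT_QUOTES)."\" maxlength='35'>\n";`. `$_REQUEST["K"]` is also read without an `isset()` or string-type check, so a missing or array-valued `K` reaches `str_replace()`/`trim()` and raises notices. The retained TODO suggests `$K` is used in a query later in `pkg_search_page()`, which continues outside this hunk; if so, that use should rely on escaping or bound parameters at the query rather than on this filtering. The added comment would read more clearly as `# trim() added to avoid the problem described in #6191`.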