Changeset 6620

Timestamp:

07/09/2017 05:13:07 PM (8 years ago)

Author:

johnjamesjacoby

Message:

Search: Escape output of bbp_search_terms() and wire-up to ts and rs.

File:

• trunk/src/includes/search/template.php (modified) (2 diffs)

trunk/src/includes/search/template.php

@@ -298 +298 @@
  */
 function bbp_search_terms( $search_terms = '' ) {
-    echo bbp_get_search_terms( $search_terms );
+    echo esc_attr( bbp_get_search_terms( $search_terms ) );
 }
 
@@ -320 +320 @@
         // Use query variable if not
         } else {
-            $search_terms = get_query_var( bbp_get_search_rewrite_id() );
+
+            // Global
+            if ( get_query_var( bbp_get_search_rewrite_id() ) ) {
+                $search_terms = get_query_var( bbp_get_search_rewrite_id() );
+
+            // Topic search
+            } elseif ( ! empty( $_REQUEST['ts'] ) ) {
+                $search_terms = sanitize_title( $_REQUEST['ts'] );
+
+            // Reply search
+            } elseif ( ! empty( $_REQUEST['rs'] ) ) {
+                $search_terms = sanitize_title( $_REQUEST['ts'] );
+            }
         }
 
         // Trim whitespace and decode, or set explicitly to false if empty
-        $search_terms = ! empty( $search_terms ) ? urldecode( trim( $search_terms ) ) : false;
+        $search_terms = ! empty( $search_terms )
+            ? urldecode( trim( $search_terms ) )
+            : false;
 
         // Filter & return