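--- a/src/bp-members/bp-members-template.php
+++ b/src/bp-members/bp-members-template.php
@@ -462,6 +462,10 @@ function bp_has_members( $args = '' ) {
 $search_terms = false;
 }
 
+if ( ! empty( $search_terms ) ) {
+$search_terms = htmlentities2( $search_terms );
+}
+
 // Set per_page to max if max is larger than per_page
 if ( !empty( $max ) && ( $per_page > $max ) )
 $per_page = $max;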
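Review bot: The added `htmlentities2( $search_terms )` HTML-encodes the search term while it is still a query argument, so the value handed on to the member lookup is no longer what the user typed: `&`, quotes and non-ASCII letters become entities, and a search for a name containing them will presumably stop matching. Encoding belongs where the term is printed, using the escaper for that context, e.g. `esc_attr( $search_terms )` inside the search field's value attribute, while the query receives the raw term and relies on the query layer's own escaping. Where the term is echoed is not visible here, and `bp_has_members()` starts and ends outside the hunk, so each output site should be confirmed as escaped before this input-side encoding is dropped.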
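--- a/src/bp-templates/bp-legacy/buddypress-functions.php
+++ b/src/bp-templates/bp-legacy/buddypress-functions.php
@@ -535,7 +535,7 @@ function bp_legacy_theme_ajax_querystring( $query_string, $object ) {
 
 $object_search_text = bp_get_search_default_text( $object );
 if ( ! empty( $_POST['search_terms'] ) && $object_search_text != $_POST['search_terms'] && 'false' != $_POST['search_terms'] && 'undefined' != $_POST['search_terms'] )
-$qs[] = 'search_terms=' . $_POST['search_terms'];
+$qs[] = 'search_terms=' . urlencode( $_POST['search_terms'] );
 
 // Now pass the querystring to override default values.
 $query_string = empty( $qs ) ? '' : join( '&', (array) $qs );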
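Review bot: `urlencode( $_POST['search_terms'] )` assumes the parameter is a string, but a request can supply it as an array, in which case `urlencode()` is handed a non-string (a warning on older PHP, a TypeError on PHP 8). Adding `is_string( $_POST['search_terms'] )` to the condition on the line above keeps the branch from running on non-string input. The value is also read straight from the superglobal, which WordPress slashes, so `urlencode( wp_unslash( $_POST['search_terms'] ) )` may be needed unless something downstream strips the slashes; that code is outside this hunk. The function body starts and ends outside the hunk, so any other request-derived values appended to `$qs` there should be checked for the same encoding.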