
Ticket #5694: 5694.03.patch

File 5694.03.patch, 1.3 KB (added by imath, 11 years ago)
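--- a/src/bp-members/bp-members-template.php
+++ b/src/bp-members/bp-members-template.php
@@ -462,6 +462,10 @@ function bp_has_members( $args = '' ) {
                         $search_terms = false;
         }
 
+        if ( ! empty( $search_terms ) ) {
+                $search_terms = htmlentities2( $search_terms );
+        }
+
         // Set per_page to max if max is larger than per_page
         if ( !empty( $max ) && ( $per_page > $max ) )
                 $per_page = $max;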
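Review bot: Running `htmlentities2()` over `$search_terms` here encodes the value that feeds the member query rather than the value that is printed, so it changes matching as well as display. A term containing `&`, quotes or accented characters is turned into entities before the lookup and may no longer match stored names, and any other place that echoes the raw request value stays unescaped. I would keep `$search_terms` raw for the query and escape at the point of output instead, e.g. `echo esc_attr( $search_terms );` in the template that prints it. The rest of `bp_has_members()`, including where `$search_terms` is read and where it is consumed, is outside this section, so confirm which sink this change is meant to protect.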
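--- a/src/bp-templates/bp-legacy/buddypress-functions.php
+++ b/src/bp-templates/bp-legacy/buddypress-functions.php
@@ -535,7 +535,7 @@ function bp_legacy_theme_ajax_querystring( $query_string, $object ) {
 
         $object_search_text = bp_get_search_default_text( $object );
         if ( ! empty( $_POST['search_terms'] ) && $object_search_text != $_POST['search_terms'] && 'false' != $_POST['search_terms'] && 'undefined' != $_POST['search_terms'] )
-                $qs[] = 'search_terms=' . $_POST['search_terms'];
+                $qs[] = 'search_terms=' . urlencode( $_POST['search_terms'] );
 
         // Now pass the querystring to override default values.
         $query_string = empty( $qs ) ? '' : join( '&', (array) $qs );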
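Review bot: `urlencode()` on the changed `$qs[]` line assumes `$_POST['search_terms']` is a string, but nothing in the condition above it checks that. An array-valued `search_terms` field passes `! empty()` and the loose `!=` comparisons and then reaches `urlencode()`, which raises a warning or a TypeError depending on the PHP version. Adding `is_string( $_POST['search_terms'] ) &&` to the `if` would close that gap. Other `$qs[]` entries in `bp_legacy_theme_ajax_querystring()` are built outside this section; if they also concatenate request values, they need the same encoding so that a value cannot add extra `&key=value` pairs to the query string.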