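--- a/src/bp-members/bp-members-template.php
+++ b/src/bp-members/bp-members-template.php
@@ -457,7 +457,7 @@ function bp_has_members( $args = '' ) {
 // Pass a filter if ?s= is set.
 if ( is_null( $search_terms ) ) {
 if ( !empty( $_REQUEST['s'] ) )
-$search_terms = $_REQUEST['s'];
+$search_terms = esc_html( $_REQUEST['s'] );
 else
 $search_terms = false;
 }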
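Review bot: Applying `esc_html()` at input time on the new line 460 is output escaping in the wrong place: the value is presumably used afterwards as a search term (the function continues outside this hunk), so a query containing `&`, `<` or a quote is turned into HTML entities before it reaches the lookup, and any template that later prints it with `esc_html()` again will double-encode it. Sanitizing at the boundary and escaping at output keeps both correct, e.g. `$search_terms = sanitize_text_field( wp_unslash( $_REQUEST['s'] ) );`, leaving `esc_html()`/`esc_attr()` to the code that renders the term. `$_REQUEST` also accepts the value from POST and cookies, so if the search is meant to come from the URL, `$_GET['s']` is the narrower source. bp_has_members() starts before this hunk.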
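--- a/src/bp-templates/bp-legacy/js/buddypress.js
+++ b/src/bp-templates/bp-legacy/js/buddypress.js
@@ -1679,6 +1679,11 @@ function bp_filter_request( object, filter, scope, target, search_terms, page, e
 search_terms = bp_get_querystring('s');
 }
 
+// "JS sanitize" search terms
+if ( search_terms.length ) {
+search_terms = escape( search_terms.split( '&' ).join( '&' ) );
+}
+
 if ( null === scope ) {
 scope = 'all';
 }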
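Review bot: `escape()` on the new line 1684 is a deprecated, non-standard encoder rather than a sanitizer: it leaves characters such as `+`, `/` and `@` untouched (so a `+` in a search term is read as a space once it lands in a query string) and emits `%uXXXX` sequences for characters outside Latin-1 that a standard server-side decoder does not understand, so non-ASCII search terms can arrive garbled. `encodeURIComponent( search_terms )` is the standard replacement when the value is about to be appended to a request, and the comment should say what the call actually does, e.g. `// URL-encode search terms before they are appended to the request`. As rendered here `search_terms.split( '&' ).join( '&' )` replaces `&` with itself, which suggests an HTML entity was lost in the page; worth confirming against the committed file. bp_filter_request() begins before this hunk and its signature line is truncated on the page.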