
Ticket #5694: 5694.patch

File 5694.patch, 1.0 KB (added by imath, 11 years ago)
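diff --git src/bp-members/bp-members-template.php src/bp-members/bp-members-template.php
index 16bb997..9024586 100644
--- a/src/bp-members/bp-members-template.php
+++ b/src/bp-members/bp-members-template.php
@@ -457,7 +457,7 @@ function bp_has_members( $args = '' ) {
         // Pass a filter if ?s= is set.
         if ( is_null( $search_terms ) ) {
                 if ( !empty( $_REQUEST['s'] ) )
-                        $search_terms = $_REQUEST['s'];
+                        $search_terms = esc_html( $_REQUEST['s'] );
                 else
                         $search_terms = false;
         }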
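Review bot: `esc_html()` on new line 460 is an output-escaping function applied at the point where the request value is read, so the entity-encoded string (`&amp;` for `&`, `&#039;` for `'`) becomes the search term itself and legitimate searches containing those characters may stop matching. The consumers of `$search_terms` are outside this hunk (bp_has_members() starts and ends beyond it), so every place that prints the term still needs its own context-specific escaping, `esc_attr()` in the search box value and `esc_html()` in text; escaping once on input does not cover an attribute or JavaScript context. If input-side cleaning is wanted here, `$search_terms = sanitize_text_field( wp_unslash( $_REQUEST['s'] ) );` strips tags and the slashes WordPress adds to request data without entity-encoding, and it returns an empty string when `s` arrives as an array. A short comment such as `// Cleaned for use as a query term; escape again on output.` would make the contract explicit.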
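diff --git src/bp-templates/bp-legacy/js/buddypress.js src/bp-templates/bp-legacy/js/buddypress.js
index 63eb97f..0327a31 100644
--- a/src/bp-templates/bp-legacy/js/buddypress.js
+++ b/src/bp-templates/bp-legacy/js/buddypress.js
@@ -1679,6 +1679,11 @@ function bp_filter_request( object, filter, scope, target, search_terms, page, e
                 search_terms = bp_get_querystring('s');
         }
 
+        // "JS sanitize" search terms
+        if ( search_terms.length ) {
+                search_terms = escape( search_terms.split( '&' ).join( '&' ) );
+        }
+
         if ( null === scope ) {
                 scope = 'all';
         }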
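Review bot: `escape()` on new line 1684 is a legacy function that is not UTF-8 aware (non-ASCII characters become `%uXXXX`, which ordinary URL decoding on the server does not reverse), so non-English search terms may be mangled; `encodeURIComponent( search_terms )` is the supported call if encoding is needed at all. How `search_terms` is transmitted is outside this hunk, and if it is passed in a jQuery data object it is already encoded, so this step would double-encode it. As rendered, `.split( '&' ).join( '&' )` replaces `&` with itself; the second literal may have been an entity lost in display, so check it against the raw patch. Client-side encoding is not a sanitisation boundary, so the comment `// "JS sanitize" search terms` overstates what the block provides and the server-side handler still has to validate and escape the value. `search_terms.length` also assumes a string; `if ( search_terms && search_terms.length )` avoids a TypeError if the value is still null at this point.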