From a0e8d4c390049b01278f3e9031d81dc0ea55aa94 Mon Sep 17 00:00:00 2001
From: Megan Watson
Date: Mon, 22 Dec 2008 12:51:22 +0000
Subject: [PATCH] KTS-4009 - Tags are now stripped from the search query. "Pop-up alert when using the test XSS string in a Search field and running the Search against the DMS."
---
 search2.php | 1 +
 1 file changed, 1 insertion(+), 0 deletions(-)
diff --git a/search2.php b/search2.php
index 3107aa8..46e1ccc 100644
--- a/search2.php
+++ b/search2.php
@@ -298,6 +298,7 @@ class SearchDispatcher extends KTStandardDispatcher {
 // Strip out returns - they cause a js error [unterminated string literal]
 $query = str_replace(array("\r\n", "\r", "\n"), array(' ', ' ', ' '), $query);
+ $query = strip_tags($query);
 $_SESSION['search2_quick'] = 0;
 $_SESSION['search2_general'] = 0;
--
libgit2 0.21.4
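Review bot: `strip_tags()` on the added line removes markup from `$query` but leaves quotes and backslashes intact, so it does not make the value safe for the JavaScript string context that the neighbouring comment ("unterminated string literal") suggests it ends up in, nor for an HTML attribute. The place where `$query` is emitted is not visible in this hunk, so this is inferred; the durable fix is to encode at the point of output, e.g. `htmlspecialchars($query, ENT_QUOTES, 'UTF-8')` in HTML and `json_encode($query)` inside a script block, rather than relying on input filtering. Filtering on input can also silently truncate legitimate searches that contain `<`, since `strip_tags()` does not validate the markup it removes. I would add `// NOTE: strip_tags() is input filtering only; $query must still be escaped for its output context` above the call. The enclosing method starts and ends outside the hunk.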