KTS-4009 - Tags are now stripped from the search query.

"Pop-up alert when using the test XSS string in a Search field and running the Search against the DMS." Committed by: Megan Watson Reviewed by: Tohir Solomons git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@9696 c91229c3-7414-0410-bfa2-8a42b809f60b

KTS-4009 - Tags are now stripped from the search query.
"Pop-up alert when using the test XSS string in a Search field and running the Search against the DMS." Committed by: Megan Watson Reviewed by: Tohir Solomons git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@9696 c91229c3-7414-0410-bfa2-8a42b809f60b
Megan Watson
1 parent e86fa378
Showing 1 changed file with 1 additions and 0 deletions
search2.php
@@ -298,6 +298,7 @@ class SearchDispatcher extends KTStandardDispatcher {
     	// Strip out returns - they cause a js error [unterminated string literal]
     	$query = str_replace(array("\r\n", "\r", "\n"), array(' ', ' ', ' '), $query);
+    	$query = strip_tags($query);
     	$_SESSION['search2_quick'] = 0;
     	$_SESSION['search2_general'] = 0;