Filter tags to avoid HTML rendering in returned display (and the quic…

…k search doesn't handle html search in any event).
collectiveaccess · Sep 25, 2021 · 8ef8885 · 8ef8885
1 parent aaf573e
commit 8ef8885
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/controllers/find/QuickSearchController.php b/app/controllers/find/QuickSearchController.php
@@ -56,7 +56,7 @@ public function __construct(&$po_request, &$po_response, $pa_view_paths=null) {
  		 *
  		 */ 
  		public function Index($pa_options=null) {
- 			$ps_search 		= $this->request->getParameter('search', pString,  null, ['forcePurify' => true]);
+ 			$ps_search 		= strip_tags($this->request->getParameter('search', pString,  null, ['forcePurify' => true]));
  			$ps_sort 		= $this->request->getParameter('sort', pString, null, ['forcePurify' => true]);
 
  			if (!$ps_search) { $ps_search = Session::getVar('quick_search_last_search'); }