Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request #173 from moderntribe/security/fix-search-xss
Fix search XSS
  • Loading branch information
defunctl committed May 8, 2020
2 parents e4ab11a + 0df15da commit 4528d4f
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions ModularContent/SearchFilter.php
Expand Up @@ -34,8 +34,8 @@ public function add_post_content_filtered_to_search_sql( $sql, $query ) {
if ( $query->get( 'panel_search_filter' ) ) {
global $wpdb;
remove_filter( 'posts_search', array( $this, 'add_post_content_filtered_to_search_sql' ), 1000, 2 );
$pattern = "#OR \($wpdb->posts.post_content LIKE '(.*?)'\)#";

$pattern = "#OR \($wpdb->posts.post_content LIKE '{(.*?)}'\)#";
$sql = preg_replace_callback( $pattern, array( $this, 'replace_callback' ), $sql );
}
return $sql;
Expand All @@ -54,4 +54,4 @@ private function replace_callback( $matches ) {
$post_content_filtered = str_replace( $wpdb->posts.'.post_content', $wpdb->posts.'.post_content_filtered', $post_content );
return $post_content.' '.$post_content_filtered;
}
}
}

0 comments on commit 4528d4f

Please sign in to comment.