author | dsa <dsa> | 2007-01-19 02:33:09 +0100 |
---|---|---|
committer | dsa <dsa> | 2007-01-19 02:33:09 +0100 |
commit | 0397ae8ff947b51cbef901fa28b77dfa59a9dc14 (patch) | |
tree | aab7b2b1c83e664ceae35c1a96a3c20dfe75f0f6 /web/lib | |
parent | 06e4af2dbc2d69d90be7a60c0b6944629740aaad (diff) | |
download | aur-0397ae8ff947b51cbef901fa28b77dfa59a9dc14.tar.gz aur-0397ae8ff947b51cbef901fa28b77dfa59a9dc14.tar.xz |
Solved #6191
Diffstat (limited to 'web/lib')
-rw-r--r-- | web/lib/pkgfuncs.inc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index d7d13727..8ce26e3c 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -714,8 +714,10 @@ function pkg_search_page($SID="") {
 print " <span class='f5'><span class='blue'>".__("Keywords");
 print "</span></span><br />\n";
 print " <input type='text' name='K' size='20'";
- $K = str_replace("\"", "", $_REQUEST["K"]); # TODO better testing for
- # SQL trickery...
+
+ # Added to trim() to avoid the problem described in #6191
+ $K = trim(str_replace("\"", "", $_REQUEST["K"])); # TODO better testing for SQL trickery...
+
 print " value=\"".stripslashes($K)."\" maxlength='35'>\n";
 print "</td>\n"; |
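Review bot: The keyword echoed into the `value="..."` attribute right after the new `trim()` line is still guarded only by deleting double quotes from `$_REQUEST["K"]`; nothing encodes it for the HTML context it is printed into. Encoding at the point of output is the sturdier control and does not depend on the quote-stripping staying in place: `print " value=\"".htmlspecialchars(stripslashes($K), ENT_QUOTES)."\" maxlength='35'>\n";`. The retained `# TODO better testing for SQL trickery...` is a separate concern, since removing `"` is not an SQL defence; if `$K` reaches a query later in `pkg_search_page` (not visible here), it should be escaped or bound at the query itself. The new comment would also read more clearly as `# trim() added to avoid the problem described in #6191`. The function body starts and ends outside this hunk.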