AC-4804: Security fixes for XSS, possible sql injection on multiple scripts within...
[acontent.git] / docs / home / search.php
index 4e50f6a..22bb69c 100644 (file)
@@ -32,7 +32,7 @@ $courseCategoriesDAO = new CourseCategoriesDAO();
 
 //$my_courses = array();
 $search_text = trim($_GET['search_text']);
-$courses = $coursesDAO->getSearchResult($search_text, $_GET['catid']);
+$courses = $coursesDAO->getSearchResult($addslashes($search_text), $_GET['catid']);
 
 // handle submits
 if (isset($_GET['action'], $_GET['cid']) && $_SESSION['user_id'] > 0)
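Review bot: `$_GET['catid']` is still passed to `getSearchResult()` unmodified on the changed line, so the second argument of the same call gets none of the escaping this commit adds for `search_text`. If category ids are numeric, cast it at the call site, e.g. `$courses = $coursesDAO->getSearchResult($addslashes($search_text), intval($_GET['catid']));`, after confirming how the DAO treats an empty or missing category. The escaping also depends on `$addslashes` being defined in this scope and resolving to a connection-aware escape function, neither of which is visible in the hunk; binding both values as query parameters inside the DAO would remove that dependency. `$search_text` itself stays unescaped, so if it is echoed later in this script it still needs HTML encoding at the point of output.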