aboutsummaryrefslogtreecommitdiffstats
path: root/search.php
diff options
context:
space:
mode:
Diffstat (limited to 'search.php')
-rw-r--r--search.php6
1 files changed, 4 insertions, 2 deletions
diff --git a/search.php b/search.php
index 84bf8a126..f1acf9701 100644
--- a/search.php
+++ b/search.php
@@ -48,7 +48,7 @@ if (isset($_POST['submit']))
and !preg_match('/^\s*$/', $_POST['search_allwords']))
{
check_input_parameter('mode', $_POST, false, '/^(OR|AND)$/');
-
+
$drop_char_match = array(
'-','^','$',';','#','&','(',')','<','>','`','\'','"','|',',','@','_',
'?','%','~','.','[',']','{','}',':','\\','/','=','\'','!','*');
@@ -105,6 +105,8 @@ if (isset($_POST['submit']))
}
// dates
+ check_input_parameter('date_type', $_POST, false, '/^date_(creation|available)$/');
+
$type_date = $_POST['date_type'];
if (!empty($_POST['start_year']))
@@ -144,7 +146,7 @@ if (isset($_POST['submit']))
INSERT INTO '.SEARCH_TABLE.'
(rules, last_seen)
VALUES
- (\''.serialize($search).'\', NOW())
+ (\''.pwg_db_real_escape_string(serialize($search)).'\', NOW())
;';
pwg_query($query);