From 4295a2c4c6b7b721013bbd375889b962375ff0ac Mon Sep 17 00:00:00 2001
From: Roman Kelesidis
Date: Mon, 18 Dec 2023 07:56:28 +0700
Subject: [PATCH] search.php parameter sanitizing (#1213)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Cønstantine Kovalensky <45331093+kovalensky@users.noreply.github.com>
---
 search.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/search.php b/search.php
index 819d91934..01de6aef7 100644
--- a/search.php
+++ b/search.php
@@ -91,7 +91,7 @@
 $url = basename(__FILE__);
 $anon_id = GUEST_UID;
 $user_id = $userdata['user_id'];
 $lastvisit = IS_GUEST ? TIMENOW : $userdata['user_lastvisit'];
-$search_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
+$search_id = (isset($_GET['id']) && is_string($_GET['id'])) ? DB()->escape($_GET['id']) : '';
 $session_id = $userdata['session_id'];
 $items_found = $items_display = $previous_settings = null;
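Review bot: Escaping `$_GET['id']` at the point of assignment on the `+` line ties `$search_id` to a single output context (a quoted SQL string literal), yet the variable is assigned once and presumably reused further down the script, where it may be written into HTML, compared against stored values, or interpolated unquoted; `DB()->escape()` protects none of those contexts and double-escapes as soon as the consuming query escapes again. A more robust shape is to validate here and escape at the query: if search ids are the fixed-format tokens typical of phpBB-derived boards (confirm against the code that generates `$search_id`), `$search_id = (isset($_GET['id']) && is_string($_GET['id']) && preg_match('/^[a-f0-9]{32}$/', $_GET['id'])) ? $_GET['id'] : '';` rejects anything else outright, and the SQL that consumes it keeps its own `DB()->escape()` (or a bound parameter). Neither this hunk nor the commit message shows where `$search_id` is consumed, so the query-side handling should be checked before the assignment-time escape is relied on as the fix. The hunk is top-level script code, not inside a function.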