search.php parameter sanitizing (#1213)

Co-authored-by: Cønstantine Kovalensky <45331093+kovalensky@users.noreply.github.com>
2025-08-21 13:54:02 -07:00 · 2023-12-18 07:56:28 +07:00 · 2023-12-18 07:56:28 +07:00 · 4295a2c4c6
commit 4295a2c4c6
parent d28094006f
1 changed files with 1 additions and 1 deletions
--- a/search.php
+++ b/search.php
@ -91,7 +91,7 @@ $url = basename(__FILE__);
 $anon_id = GUEST_UID;
 $user_id = $userdata['user_id'];
 $lastvisit = IS_GUEST ? TIMENOW : $userdata['user_lastvisit'];
-$search_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
+$search_id = (isset($_GET['id']) && is_string($_GET['id'])) ? DB()->escape($_GET['id']) : '';
 $session_id = $userdata['session_id'];

 $items_found = $items_display = $previous_settings = null;