From d28094006f4424c4ae2ed36589e069b28e9aaff5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B8nstantine=20Kovalensky?= <45331093+kovalensky@users.noreply.github.com>
Date: Sun, 17 Dec 2023 15:29:17 +0400
Subject: [PATCH] tracker.php parameter sanitizing (#1212)

---
 tracker.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tracker.php b/tracker.php
index 28884b140..7b15d8cf8 100644
--- a/tracker.php
+++ b/tracker.php
@@ -43,7 +43,7 @@ $start = isset($_REQUEST['start']) ? abs((int)$_REQUEST['start']) : 0;
 $set_default = isset($_GET['def']);
 $user_id = $userdata['user_id'];
 $lastvisit = (!IS_GUEST) ? $userdata['user_lastvisit'] : '';
-$search_id = (isset($_GET['search_id']) && is_string($_GET['search_id'])) ? $_GET['search_id'] : '';
+$search_id = (isset($_GET['search_id']) && is_string($_GET['search_id'])) ? DB()->escape($_GET['search_id']) : '';
 $session_id = $userdata['session_id'];
 $status = $_POST['status'] ?? false;
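Review bot: Escaping `$_GET['search_id']` with `DB()->escape()` on the line where it is read makes every later query depend on this one assignment, and it leaves the variable SQL-escaped in any non-SQL use (comparison, URL or template output); none of those uses are visible in this hunk. String escaping also only protects a value that ends up inside a quoted SQL literal, so the query sites should be checked to confirm `$search_id` is always quoted there. A context-independent guard would be an allowlist at the boundary, with escaping or parameter binding kept next to the SQL that consumes the value. Assuming search ids are generated alphanumeric tokens, that could be `$search_id = (isset($_GET['search_id']) && is_string($_GET['search_id']) && ctype_alnum($_GET['search_id'])) ? $_GET['search_id'] : '';`. The neighbouring context line `$status = $_POST['status'] ?? false;` also takes request data with no type check and may deserve the same treatment.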