Hi!
I’ve done a good amount of security tests, so far no problems. The query fails every time due to the multiple escape calls.
The problem occurs because the plain $_GET[s] value is echoed into the search text field before escaping. I’ve found a quick and effective fix using one internal WordPress call.
If you open up the plugins/ajax-search-pro/includes/views/asp.shortcode.probox.php file and go to line 44, you should see the input field output, and at the end of the line there is something like:
[code]… value='<?php echo isset($_GET['s'])?$_GET['s']:''; ?>' autocomplete="off">[/code]
Change it to:
[code]… value='<?php echo get_search_query(); ?>' autocomplete="off">[/code]
The problem will disappear right away. I’m including this fix in the upcoming version of course.
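
The difference between the two lines above, as an added example that is not part of the original post or the plugin's code: plain PHP that renders the same single-quoted `value` attribute with and without escaping. The function names and the sample search term are constructed, and `htmlspecialchars()` with `ENT_QUOTES` is an assumption standing in for the `esc_attr()` escaping that `get_search_query()` applies by default.

```php
<?php
// Added illustration; runs without WordPress.

// Mirrors the original line: the request value is echoed into the attribute as-is.
function render_raw(array $get): string
{
    $s = isset($get['s']) ? $get['s'] : '';
    return "<input type='search' name='s' value='" . $s . "' autocomplete=\"off\">";
}

// Mirrors the fix: the value is attribute-escaped before output.
// ENT_QUOTES matters here because the attribute is delimited by single quotes.
function render_escaped(array $get): string
{
    $s = isset($get['s']) ? $get['s'] : '';
    $s = htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return "<input type='search' name='s' value='" . $s . "' autocomplete=\"off\">";
}

// Reads the value attribute back the way an HTML parser would:
// a single-quoted attribute ends at the first literal ' in the markup.
function parsed_value(string $html): string
{
    preg_match("/value='([^']*)'/", $html, $m);
    return html_entity_decode($m[1] ?? '', ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: an ordinary search term containing quotes.
$get = ['s' => "O'Reilly \"books\""];

$variants = [
    'raw'     => render_raw($get),
    'escaped' => render_escaped($get),
];

foreach ($variants as $label => $html) {
    $value = parsed_value($html);
    printf("%s markup: %s\n", $label, $html);
    printf("%s field value: %s\n", $label, $value);
    printf("%s round-trips intact: %s\n\n", $label, $value === $get['s'] ? 'yes' : 'no');
}
```

In the raw variant the apostrophe in the search term closes the attribute, so the rest of the term is parsed as markup instead of as the field's value; in the escaped variant the term comes back unchanged.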