Reply To: Escaped terms = MYSQL Query Errors + Security issues


#5019

Ernest Marcinko
Keymaster

Hi!

I've done a good amount of security tests, so far no problems. The query fails every time due to the multiple escape calls.

The problem occurs because the plain $_GET[s] value is echoed into the search text field before escaping. I've found a quick and effective fix using one internal WordPress call.

If you open up the plugins/ajax-search-pro/includes/views/asp.shortcode.probox.php file and go to line 44, you should see the input field output, and at the end of the line there is something like:

… value='<?php echo isset($_GET['s'])?$_GET['s']:''; ?>' autocomplete="off">

change it to:

… value='<?php echo get_search_query(); ?>' autocomplete="off">

The problem will disappear right away. I'm including this fix in the upcoming version of course.

Best,
Ernest Marcinko

If you like my products, don't forget to rate them on codecanyon :)
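
The difference between the two lines in the reply above, as an added example that is not the plugin's code: it renders a single-quoted `value` attribute with and without escaping and reads the attribute back with an HTML parser. It runs without WordPress, so `esc_attr_standin()` is a hypothetical stand-in for the `esc_attr()` escaping that `get_search_query()` applies by default, and the request array is constructed sample input.

```php
<?php
// Added example: stand-alone PHP, no WordPress loaded.
// esc_attr_standin() is a hypothetical stand-in for the escaping that
// get_search_query() applies by default (esc_attr) inside WordPress.
function esc_attr_standin(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern before the fix: the request value is echoed as-is.
function render_raw(array $get): string {
    $term = isset($get['s']) ? $get['s'] : '';
    return "<input type='search' name='s' value='" . $term . "' autocomplete=\"off\">";
}

// Pattern after the fix: the value is escaped for an HTML attribute.
function render_escaped(array $get): string {
    $term = isset($get['s']) ? $get['s'] : '';
    return "<input type='search' name='s' value='" . esc_attr_standin($term) . "' autocomplete=\"off\">";
}

// Parse the markup and read back what ended up in the value attribute.
function parsed_value(string $html): string {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // malformed markup is expected in the raw case
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? '' : $input->getAttribute('value');
}

// Constructed sample request: an ordinary search term containing a single quote.
$get = ['s' => "O'Reilly guides"];

$variants = ['raw' => render_raw($get), 'escaped' => render_escaped($get)];
foreach ($variants as $label => $html) {
    $back = parsed_value($html);
    $verdict = ($back === $get['s'])
        ? 'matches the submitted term'
        : 'attribute ended at the quote in the term';
    printf("%-8s markup:     %s\n", $label, $html);
    printf("%-8s value read: %s (%s)\n\n", $label, var_export($back, true), $verdict);
}
```

In the raw case the quote inside the term closes the attribute early and the rest of the term is parsed as further markup on the input tag; in the escaped case the full term is read back unchanged.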