Hi!
I’ve done a good amount of security tests, so far no problems. The query fails every time due to the multiple escape calls.
The problem occurs because the plain $_GET[s] value is echoed into the search text field before escaping. I’ve found a quick and effective fix using one internal WordPress call.
If you open up the plugins/ajax-search-pro/includes/views/asp.shortcode.probox.php file and go to line 44, you should see the input field output, and at the end of the line there is something like:
... value='<?php echo isset($_GET['s'])?$_GET['s']:''; ?>' autocomplete="off">
Change it to:
... value='<?php echo get_search_query(); ?>' autocomplete="off">
The problem will disappear right away. I’m including this fix in the upcoming version of course.
Best,
Ernest Marcinko
If you like my products, don't forget to rate them on codecanyon :)
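Added example, not part of the original reply or the plugin's code: a standalone PHP script that renders the single-quoted value attribute from the reply with a raw term and with an escaped one, then parses the markup to see whether the input still holds the term. `esc_attr_stand_in()` is a hypothetical stand-in for the attribute escaping that `get_search_query()` applies by default, the input markup is simplified, and the search terms are constructed.

```php
<?php
// Added example, not plugin code. esc_attr_stand_in() is a hypothetical
// stand-in for the escaping WordPress applies inside get_search_query().
function esc_attr_stand_in(string $s): string {
    // ENT_QUOTES matters: the template wraps the value in single quotes.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Same shape as the original line: the term is concatenated as-is.
function render_raw(string $term): string {
    return "<input type='search' name='s' value='" . $term . "' autocomplete=\"off\">";
}

// Same shape as the fixed line: the term is escaped for an attribute first.
function render_escaped(string $term): string {
    return "<input type='search' name='s' value='" . esc_attr_stand_in($term) . "' autocomplete=\"off\">";
}

// Parse the markup with an HTML parser and report what the input ended up with.
function parsed_input(string $html): array {
    libxml_use_internal_errors(true); // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    $names = [];
    foreach ($input->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return ['value' => $input->getAttribute('value'), 'attributes' => $names];
}

$expected = ['type', 'name', 'value', 'autocomplete'];
// Constructed search terms: one plain, two containing quote characters.
$terms = ["wordpress search", "rock 'n' roll", "it's a \"test\" & more"];

foreach ($terms as $term) {
    foreach (['raw' => render_raw($term), 'escaped' => render_escaped($term)] as $mode => $html) {
        $p = parsed_input($html);
        // Intact means: the value round-trips and no stray attributes appeared.
        $ok = $p['value'] === $term && $p['attributes'] === $expected;
        printf("%-8s %-26s %s\n", $mode, json_encode($term), $ok ? 'intact' : 'attribute broken');
    }
}
```

Run it with the PHP CLI (the DOM extension is required); any term containing a single quote only survives in the escaped rendering.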