From 87fd97730e988ceb0ccc486ce23626b7bd2b9638 Mon Sep 17 00:00:00 2001
From: deadvey
Date: Wed, 1 Oct 2025 17:45:31 +0100
Subject: [PATCH] Escape potentially dangerous input in the search field
---
 src/routes/form_actions.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/routes/form_actions.js b/src/routes/form_actions.js
index 4984a42..4fc1a94 100644
--- a/src/routes/form_actions.js
+++ b/src/routes/form_actions.js
@@ -201,7 +201,7 @@ router.post("/submit_edit_post", (req,res) => {
 }); // /submit_edit
 router.get('/search', (req, res) => {
- const search_term = req.query.q; // 'q' is the parameter name
+ const search_term = func.escape_input(req.query.q); // 'q' is the parameter name
 let search_type = req.query.type; // eg 'post', 'user'
 if (typeof search_type == 'string') { // Make the search_term an array
 search_type = [ search_type ]
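Review bot: `req.query.q` is handed to `func.escape_input` without a type check, although a repeated parameter (`?q=a&q=b`) reaches the handler as an array and a missing one as `undefined`; the `typeof search_type == 'string'` test two lines down shows the route already expects non-string query values. `escape_input` is not visible in this patch, so whether it escapes, passes through or throws on such values is unconfirmed; guarding the call removes the doubt, e.g. `const search_term = func.escape_input(typeof req.query.q === 'string' ? req.query.q : '');`. `search_type` still comes straight from `req.query.type`, so if it is echoed into the response or used to select what is searched further down, each entry should be checked against the allowed set (`'post'`, `'user'`, …) rather than escaped. The handler body continues past the end of the hunk, so how both values are used afterwards could not be checked here.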