Escape potentially dangerous input in the search field

2025-10-01 17:45:31 +01:00
parent acca51da20
commit 87fd97730e
1 changed files with 1 additions and 1 deletions
--- a/src/routes/form_actions.js
+++ b/src/routes/form_actions.js
@@ -201,7 +201,7 @@ router.post("/submit_edit_post", (req,res) => {
 }); // /submit_edit

 router.get('/search', (req, res) => {
-	const search_term = req.query.q; // 'q' is the parameter name
+	const search_term = func.escape_input(req.query.q); // 'q' is the parameter name
 	let search_type = req.query.type; // eg 'post', 'user'
 	if (typeof search_type == 'string') { // Make the search_term an array 
 		search_type = [ search_type ]