X-Git-Url: http://p2p-next.cs.pub.ro/gitweb/?a=blobdiff_plain;f=application%2Fcontrollers%2Fcatalog.php;h=7d86d36474f810d114936d9a861f6f26879e0ac8;hb=e7bb29c6cc8d766a65ec34f257d110ed41364481;hp=1addf0db43380a857dac759765b0c50b3c44a6de;hpb=69c30ca56fdc6a4eff236902040cc04ec6eaccf2;p=living-lab-site.git
diff --git a/application/controllers/catalog.php b/application/controllers/catalog.php
index 1addf0d..7d86d36 100644
--- a/application/controllers/catalog.php
+++ b/application/controllers/catalog.php
@@ -148,11 +148,12 @@ class Catalog extends CI_Controller {
 {
 // Redirect to an URL which contains search string if data was passed
 // via POST method and not via URL segments.
- $str_post_search = $this->input->post('search', TRUE);
+ $str_post_search = $this->input->post('search');
 if ($search_query === "" && $str_post_search !== FALSE)
- redirect('catalog/search/'. $this->input->post('search', TRUE));
+ redirect('catalog/search/'. $str_post_search);
 $this->load->model('videos_model');
+ $this->load->library('security');
 // **
 // ** LOADING MODEL
@@ -160,6 +161,9 @@ class Catalog extends CI_Controller {
 // Search query is encoded for URL and must be decoded.
 $enc_search_query = $search_query;
 $search_query = $this->videos_model->decode_search_query($search_query);
+
+ // Security filtering
+ $search_query = $this->security->xss_clean($search_query);
 $results_data['search_query'] = $search_query;
 // Category
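Review bot: The new `redirect('catalog/search/'. $str_post_search)` places the raw POST value into a URL path segment with no encoding, while the receiving side (second hunk, per its comment "Search query is encoded for URL and must be decoded") expects an encoded segment and runs `decode_search_query` on it; a query containing `/`, `?`, `#` or characters outside CodeIgniter's permitted URI set will be split into extra segments or rejected on the next request. Encode the value with the scheme that `decode_search_query` reverses before concatenating it, or at minimum `redirect('catalog/search/'. rawurlencode($str_post_search));` if the model has no matching encoder. Dropping the `TRUE` argument from `$this->input->post('search')` is consistent with filtering in the target action instead, but the redirect now carries unfiltered input, so the encoding step is what keeps the URL well-formed. The enclosing method starts above the hunk and continues past it.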
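Review bot: Running `xss_clean` on `$search_query` after decoding alters the search term itself (the filter rewrites or strips fragments such as `javascript:` and tag-like sequences), so a legitimate query containing those characters is looked up as a different string, and a denylist filter is not a substitute for escaping at the point of output; the filtered value is then handed to the view via `$results_data['search_query']` and presumably drives the model lookup further down. Keep the decoded `$search_query` for the lookup and escape it where it is rendered, e.g. `$results_data['search_query'] = htmlspecialchars($search_query, ENT_QUOTES, 'UTF-8');` if the view prints it as HTML text. If `xss_clean` is meant as defence in depth, replace the bare `// Security filtering` comment with one stating that intent and that the view must still escape the value for its context. The enclosing method continues past the hunk.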