Open AllenEllis opened 4 years ago
Users are starting to game the system and put rogue HTML characters into the search box.
This is probably a simple matter of running html_entities() on any user input before it is allowed to propagate further through the code.
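
The fix described above, as an added PHP example that is not code from the issue or the project: it escapes the search term at the point where it is written back into HTML, using PHP's built-in `htmlspecialchars()` (the related built-in is spelled `htmlentities()`). The helper `e()`, the `renderSearch()` function, the `/search` form and the sample query are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a value for an HTML text node or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES encodes both ' and " so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning ''.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer for a search page that echoes the query back twice:
// once inside the input's value attribute and once in the results heading.
function renderSearch(string $query, bool $escape): string
{
    $shown = $escape ? e($query) : $query;

    return '<form action="/search">'
         . '<input type="text" name="q" value="' . $shown . '">'
         . '</form>'
         . '<p>Results for: ' . $shown . '</p>';
}

// Constructed sample input containing markup characters.
$query = '"><b>bold</b> & more';

// Before: the quote ends the value attribute and the tags become live markup.
echo "Unescaped:\n", renderSearch($query, false), "\n\n";

// After: the same characters are emitted as entities and displayed as text.
echo "Escaped:\n", renderSearch($query, true), "\n";

// The raw $query is still what the search itself should receive; encoding is
// applied only when the value is placed into HTML, so stored or logged copies
// are not double-encoded later.
```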