From 91cab9cc8779d52034cacfac5ad23d158be8f2cb Mon Sep 17 00:00:00 2001
From: ghost
Date: Fri, 15 Jul 2022 08:33:44 +0300
Subject: [PATCH] fix search request vulnerability

---
 public/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/index.php b/public/index.php
index a57a611..fb6c0f6 100755
--- a/public/index.php
+++ b/public/index.php
@@ -4,7 +4,7 @@ require_once('../config.php');
 require_once('../library/icon.php');
 require_once('../library/mysql.php');
-$query = isset($_GET['q']) ? $_GET['q'] : false;
+$query = isset($_GET['q']) ? preg_replace('/[\W\D\S]+/', '', $_GET['q']) : false;
 $ns = isset($_GET['ns']) ? preg_replace('/[^a-zA-Z0-9]+/', '', $_GET['ns']) : false;
 $tx = isset($_GET['tx']) ? preg_replace('/[^a-zA-Z0-9]+/', '', $_GET['tx']) : false;
 $page = (int) isset($_GET['page']) ? $_GET['page'] : 0;
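Review bot: The character class on the new `$query` line, `[\W\D\S]`, matches every character (`\D` covers everything except digits and `\S` covers the digits), so `preg_replace` deletes the whole search string and `$query` is always `''` whenever `q` is present. If an allow-list is the intent, `$query = isset($_GET['q']) ? preg_replace('/[^\w\s]+/u', '', $_GET['q']) : false;` keeps letters, digits, underscore and whitespace and drops the rest. Stripping input is also not the durable fix: the hunk does not show where `$query` is used, but wherever it reaches SQL it should be a bound parameter, and wherever it is echoed it should pass through `htmlspecialchars`. Separately, on the `$page` context line the `(int)` cast binds to `isset()` rather than to the ternary, so `$page` carries the raw `$_GET['page']`; `$page = isset($_GET['page']) ? (int) $_GET['page'] : 0;` is presumably what was meant.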