preg_quote search strings

diff --git a/mod/network.php b/mod/network.php
index 2a3db597e838a5d118adecd337860bbb2b4ae38c..3df8a210597fcec65d17aad193fb6d81676706b2 100644 (file)
--- a/mod/network.php
+++ b/mod/network.php
@@ -364,8 +364,8 @@ function network_content(&$a, $update = 0) {
        if(x($_GET,'search')) {
                $search = escape_tags($_GET['search']);
                $sql_extra .= sprintf(" AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' ) ",
-                       dbesc($search),
-                       dbesc('\\]' . $search . '\\[')
+                       dbesc(preg_quote($search)),
+                       dbesc('\\]' . preg_quote($search) . '\\[')
                );
        }
 

diff --git a/mod/search.php b/mod/search.php
index 0b58db5d1733e302bc39f874ab6752c9c715d6e7..3f98b607f0dd92ab0a0a179eee25337fa9c37670 100644 (file)
--- a/mod/search.php
+++ b/mod/search.php
@@ -96,17 +96,10 @@ function search_content(&$a) {
        // Only public wall posts can be shown
        // OR your own posts if you are a logged in member
 
-       $escaped_search = str_replace(array('[',']'),array('\\[','\\]'),$search);
-
-//     $s_bool  = sprintf("AND MATCH (`item`.`body`) AGAINST ( '%s' IN BOOLEAN MODE )", dbesc($search));
        $s_regx  = sprintf("AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' )", 
-               dbesc($escaped_search), dbesc('\\]' . $escaped_search . '\\['));
-
-//     if(mb_strlen($search) >= 3)
-//             $search_alg = $s_bool;
-//     else
+               dbesc(preg_quote($search)), dbesc('\\]' . preg_quote($search) . '\\['));
 
-               $search_alg = $s_regx;
+       $search_alg = $s_regx;
 
        $r = q("SELECT COUNT(*) AS `total`
                FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`