From 3422dc8b8c5c9bac2f0dd7ae81e29e413966f93b Mon Sep 17 00:00:00 2001
From: "Paul S. Owen"
Date: Fri, 6 Dec 2002 14:35:36 +0000
Subject: [PATCH] Fix possible scipting issue with username search

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3179 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions_search.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/phpBB/includes/functions_search.php b/phpBB/includes/functions_search.php
index 894257713a..8399058eda 100644
--- a/phpBB/includes/functions_search.php
+++ b/phpBB/includes/functions_search.php
@@ -91,7 +91,7 @@ function clean_words($mode, &$entry, &$stopword_list, &$synonym_list)
 function split_words(&$entry, $mode = 'post')
 {
- $rex = ( $mode == 'post' ) ? "/\b(\w[\w']*\w+|\w+?)\b/" : '/(\*?[à-ÿa-z0-9]+\*?)|\b([à-ÿa-z0-9]+)\b/';
+ $rex = ( $mode == 'post' ) ? "/\b([\w±µ-ÿ][\w±µ-ÿ']*[\w±µ-ÿ]+|[\w±µ-ÿ]+?)\b/" : '/(\*?[a-z±µ-ÿ]+\*?)|\b([a-z±µ-ÿ]+)\b/';
 preg_match_all($rex, $entry, $split_entries);
 return $split_entries[1];
@@ -259,7 +259,8 @@ function remove_common($mode, $fraction, $word_id_list = array())
 {
 global $db;
- $sql = ( $mode == 'global' ) ? "SELECT COUNT(post_id) AS total_posts FROM " . SEARCH_MATCH_TABLE . " GROUP BY post_id" : "SELECT SUM(forum_posts) AS total_posts FROM " . FORUMS_TABLE;
+ $sql = "SELECT COUNT(post_id) AS total_posts
+ FROM " . POSTS_TABLE;
 if ( !($result = $db->sql_query($sql)) )
 {
 message_die(GENERAL_ERROR, 'Could not obtain post count', '', __LINE__, __FILE__, $sql);
@@ -459,7 +460,7 @@ function username_search($search_match)
 );
 $template->assign_vars(array(
- 'USERNAME' => ( !empty($search_match) ) ? $search_match : '',
+ 'USERNAME' => ( !empty($search_match) ) ? strip_tags($search_match) : '',
 'L_CLOSE_WINDOW' => $lang['Close_window'],
 'L_SEARCH_USERNAME' => $lang['Find_username'],
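Review bot: The non-'post' pattern on the new `$rex` line drops `0-9` from both character classes (`[a-z±µ-ÿ]`), while the 'post' pattern still accepts digits through `\w`, so words containing digits that match in 'post' mode are no longer matched in the other mode. If that is not intended, keep the digits: `'/(\*?[a-z0-9±µ-ÿ]+\*?)|\b([a-z0-9±µ-ÿ]+)\b/'`. The `µ-ÿ` range is a byte range that only stands for accented letters when the file and the input share a single-byte Latin-1 style encoding, and even there it appears to take in symbols such as `×` and `÷`; a comment above `$rex` naming the assumed charset would make that dependency visible. The closing lines of split_words are outside the hunk.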
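Review bot: The new `$sql` no longer depends on `$mode`, so both modes now take their total from the same `COUNT(post_id)` over `POSTS_TABLE`, and neither the hunk nor the commit subject (which only mentions the username search) says why. A short comment above the query would record the intent, for example `// Total post count is read from the posts table regardless of $mode`. The rest of remove_common lies outside the hunk, so whether `$mode` is still used further down cannot be checked from here.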
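Review bot: `strip_tags()` on the new `'USERNAME'` line removes markup but does not encode quotes or `&`, so if the template prints this variable inside an attribute such as an input's `value` (the template is not shown here), quote characters in the search string still reach the page unencoded. Encoding for the output context is the more reliable fix: `'USERNAME' => ( !empty($search_match) ) ? htmlspecialchars($search_match, ENT_QUOTES) : '',`. That also shows the user what they typed instead of silently dropping anything that looks like a tag. username_search begins and ends outside the hunk, so other uses of `$search_match`, for example in the lookup query, are not covered by this note.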