From a68da1c95118e9f762e8729cce13543a5e1cf7a0 Mon Sep 17 00:00:00 2001
From: ywarnier <ywarnier@beeznest.org>
Date: Sun, 24 Apr 2011 09:55:20 -0500
Subject: [PATCH] Security - Added filtering of search_term variable

---
 main/auth/courses_controller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main/auth/courses_controller.php b/main/auth/courses_controller.php
index de8c2e8118..f5cab448af 100755
--- a/main/auth/courses_controller.php
+++ b/main/auth/courses_controller.php
@@ -141,7 +141,7 @@ class CoursesController { // extends Controller {
         $data['browse_courses_in_category'] = $this->model->search_courses($search_term);
         $data['browse_course_categories']   = $browse_course_categories;
 
-        $data['search_term'] = $search_term;
+        $data['search_term'] = Security::remove_XSS($search_term); //filter before showing in template
 
         // getting all the courses to which the user is subscribed to
         $curr_user_id = api_get_user_id();