From 341fcce75ec8d16538eec6ebcdfbdd00711c6638 Mon Sep 17 00:00:00 2001
From: friendica
Date: Tue, 6 Dec 2011 19:51:19 -0800
Subject: [PATCH] preg_quote search strings
---
 mod/network.php | 4 ++--
 mod/search.php | 11 ++---------
 2 files changed, 4 insertions(+), 11 deletions(-)
diff --git a/mod/network.php b/mod/network.php
index 2a3db597e8..3df8a21059 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -364,8 +364,8 @@ function network_content(&$a, $update = 0) {
 if(x($_GET,'search')) {
 $search = escape_tags($_GET['search']);
 $sql_extra .= sprintf(" AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' ) ",
- dbesc($search),
- dbesc('\\]' . $search . '\\[')
+ dbesc(preg_quote($search)),
+ dbesc('\\]' . preg_quote($search) . '\\[')
 );
 }
diff --git a/mod/search.php b/mod/search.php
index 0b58db5d17..3f98b607f0 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -96,17 +96,10 @@ function search_content(&$a) {
 // Only public wall posts can be shown
 // OR your own posts if you are a logged in member
- $escaped_search = str_replace(array('[',']'),array('\\[','\\]'),$search);
-
-// $s_bool = sprintf("AND MATCH (`item`.`body`) AGAINST ( '%s' IN BOOLEAN MODE )", dbesc($search));
 $s_regx = sprintf("AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' )",
- dbesc($escaped_search), dbesc('\\]' . $escaped_search . '\\['));
+ dbesc(preg_quote($search)), dbesc('\\]' . preg_quote($search) . '\\['));
-// if(mb_strlen($search) >= 3)
-// $search_alg = $s_bool;
-// else
-
- $search_alg = $s_regx;
+ $search_alg = $s_regx;
 $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
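Review bot: `preg_quote()` escapes for PHP's PCRE syntax, but the string built at `dbesc(preg_quote($search))` is matched by MySQL's `REGEXP`, which is a different dialect, so the quoting is an approximation that deserves a comment or a dedicated helper. I would quote once and reuse it, `$search_rx = preg_quote($search);`, then pass `dbesc($search_rx)` and `dbesc('\\]' . $search_rx . '\\[')`, with a comment such as `// quote regex metacharacters first, dbesc() last so the added backslashes survive SQL string parsing`. The same pair of calls appears in the mod/search.php hunk, where the removed `$escaped_search` local could be kept and assigned from `preg_quote($search)` instead. network_content() starts and ends outside this hunk, so whether `escape_tags()` alters characters before quoting cannot be confirmed from here.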
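Review bot: A literal `%` in `$search` passes through both `preg_quote()` and `dbesc()` unchanged, which matters if `$search_alg` is later interpolated into the `q()` call that begins on the last lines of this hunk and `q()` applies printf-style formatting to its SQL argument; that part is outside the hunk and should be confirmed. If it does, the term would be parsed as a conversion specifier and the query would fail or be built with shifted arguments. I would add `// NOTE: $search may contain '%'; confirm q() does not re-run sprintf over $search_alg` above the `$s_regx` assignment until that is checked. search_content() continues past the end of the hunk.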