[MLmsw]

Hi,

There is an issue with search form ( $_REQUEST ) value. This value isn’t verified and stripped in BP code.
I think we must add some filters to avoid injection by this parameter, or to correctly display value in form back.

For example :
* Try to search here this value : hello’s -> form will display hello’s or try : “lol”

Maybe a the next release add filter before using $_REQUEST ?

ML

[MLmsw]

Hi,

No feedback from bp dev team ?
-> Try search : hello’s”””

ML