Merge pull request #2534 from QuizandSurveyMaster/dev

Dev
QuizandSurveyMaster · Apr 25, 2024 · 64fd86a · 64fd86a
2 parents 3ef2981 + c469981
commit 64fd86a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/php/admin/admin-results-page.php b/php/admin/admin-results-page.php
@@ -152,7 +152,7 @@ function qsm_results_overview_tab_content() {
 	$order_by_sql        = 'ORDER BY time_taken_real DESC';
 	if ( isset( $_GET['qsm_search_phrase'] ) && ! empty( $_GET['qsm_search_phrase'] ) ) {
 		// Sanitizes the search phrase and then uses $wpdb->prepare to properly escape the queries after using $wpdb->esc_like.
-		$sanitized_search_phrase = sanitize_text_field( wp_unslash( $_GET['qsm_search_phrase'] ) );
+		$sanitized_search_phrase = htmlentities( sanitize_text_field( wp_unslash( $_GET['qsm_search_phrase'] ) ) );
 		$search_phrase_percents  = '%' . esc_sql( $wpdb->esc_like( $sanitized_search_phrase ) ) . '%';
 		$search_phrase_sql       = $wpdb->prepare( ' AND (quiz_name LIKE %s OR name LIKE %s OR business LIKE %s OR email LIKE %s OR phone LIKE %s)', $search_phrase_percents, $search_phrase_percents, $search_phrase_percents, $search_phrase_percents, $search_phrase_percents );
 	}