I've got a simple search script which returns results based on a query string from the URL:
$filter_query = request_param('query');
if ($filter_query) {
$topic_filters['query'] = $filter_query;
$smarty->assign('query', $filter_query);
}
However currently this is exposed to XSS and abuse as its not sanitising the input of 'query'.
Im using Smarty Templates, are there any inbuilt functions to do this automatically?