The search function doesn't handle magic_quotes_gpc=On properly. In cmsimple/search.php stsl($search) has to be put on line 40 instead of line 71. Or should stsl() be called in initvar()? I still don't like initvar(), but as it's already there it might be useful for this purpose. OTOH this might be incompatible with existing code (e.g. plugins).
However, in cmsimple/cms.php line 1192 has of course to be changed:
$words = explode(',', stsl($_GET['search']));