Why does mpac_autocomplete() call filter_xss_admin() on the search query?

Created on 17 August 2016, over 8 years ago

Updated 26 November 2024, about 1 month ago

From mpac.module:

function mpac_autocomplete() {
  [..]
  $title = filter_xss_admin($query);
  // Get a list of all nodes where the title matches the given string.
  $matches = _mpac_get_matches_for_nodes($title);

I am curious why the filter_xss_admin() is needed here.
From what I can see, the string is only used in db queries, but not displayed anywhere. So it should be fine to use the string as-is.

(I am asking because I have similar code in a different module (menu_editor), which I want to clean up.)

💬 Support request

Status

Closed: outdated

Version

1.0

Component

Code

Created by

🇩🇪Germany donquixote

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment about 1 month ago →
🇺🇦Ukraine AstonVictor
I'm closing it because the issue was created a long time ago without any further steps.

if you still need it then raise a new one.
thanks

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024