mysql injection possibility
I have yet to test it, but I am pretty sure anyone can inject mysql queries into the search field. Sorry I have not researched the code on my own, I am hoping someone else has already done that effort.
Also, I have wrote some code that allows regex searches. Is there an easy way to submit a diff?
|