From 935c61ef11adc4ed5c5246083828bfa09379a8b4 Mon Sep 17 00:00:00 2001
From: Roman Kelesidis
Date: Mon, 18 Dec 2023 14:36:10 +0700
Subject: [PATCH] Updated
---
 search.php | 5 ++---
 tracker.php | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/search.php b/search.php
index 12fa5c6a..2ac109bf 100644
--- a/search.php
+++ b/search.php
@@ -339,7 +339,7 @@ if ($search_id)
 FROM ". BB_SEARCH ."
 WHERE session_id = '$session_id'
 AND search_type = ". SEARCH_TYPE_POST ."
- AND search_id = '$search_id'
+ AND search_id = '". DB()->escape($search_id) ."'
 LIMIT 1
 ");
 
@@ -879,10 +879,9 @@ function fetch_search_ids ($sql, $search_type = SEARCH_TYPE_POST)
 }
 
 // Save results in DB
- $search_id = make_rand_str(SEARCH_ID_LENGTH);
-
 if ($items_count > $per_page)
 {
+ $search_id = make_rand_str(SEARCH_ID_LENGTH);
 $search_array = join(',', $items_found);
 
 $save_in_db = array(
diff --git a/tracker.php b/tracker.php
index 9d26b34d..aef40eec 100644
--- a/tracker.php
+++ b/tracker.php
@@ -329,7 +329,7 @@ if ($search_id)
 FROM ". BB_SEARCH ."
 WHERE session_id = '$session_id'
 AND search_type = ". SEARCH_TYPE_TRACKER ."
- AND search_id = '$search_id'
+ AND search_id = '". DB()->escape($search_id) ."'
 LIMIT 1
 ");
 
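Review bot: In the search.php hunk at `@@ -339`, `$session_id` is still interpolated raw into the same query (`WHERE session_id = '$session_id'`) while only `$search_id` is escaped. Its origin is outside the hunk, so confirm it never comes from request data, or pass it through `DB()->escape()` as well. The later hunk shows ids are produced by `make_rand_str(SEARCH_ID_LENGTH)`, so a stricter guard before the query would reject any other length, e.g. `if (strlen($search_id) != SEARCH_ID_LENGTH) $search_id = '';` (where `$search_id` is read from the request is not visible here). The same applies to the identical query in the tracker.php hunk at `@@ -329`. A parameterized query, if the DB wrapper supports one, would remove the reliance on per-call escaping.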
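Review bot: In the search.php hunk at `@@ -879`, `$search_id` is now assigned only when `$items_count > $per_page`. Any read of it after the `if` in `fetch_search_ids` (the function continues outside the hunk) therefore sees an undefined value, or a stale one if it is a global shared with the caller. If a stale request-supplied id can survive this path it would reach whatever consumes `$search_id` later, so either initialise it before the branch with `$search_id = '';` or confirm nothing reads it when the results fit on one page. A short comment such as `// search_id is only needed when results are paginated and stored` above the assignment would record the intent.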