From d4c56126be04f29aa8f210e5c01f6a9feadd6859 Mon Sep 17 00:00:00 2001
From: Roman Kelesidis
Date: Mon, 18 Dec 2023 07:58:37 +0700
Subject: [PATCH] Updated
---
 search.php | 2 +-
 tracker.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/search.php b/search.php
index 12fa5c6a..b0e80fe6 100644
--- a/search.php
+++ b/search.php
@@ -96,7 +96,7 @@ $url = basename(__FILE__);
 $anon_id = GUEST_UID;
 $user_id = $userdata['user_id'];
 $lastvisit = (IS_GUEST) ? TIMENOW : $userdata['user_lastvisit'];
-$search_id = (isset($_GET['id']) && verify_id($_GET['id'], SEARCH_ID_LENGTH)) ? $_GET['id'] : '';
+$search_id = (isset($_GET['id']) && verify_id($_GET['id'], SEARCH_ID_LENGTH)) ? DB()->escape($_GET['id']) : '';
 $session_id = $userdata['session_id'];
 $items_found = $items_display = $previous_settings = null;
diff --git a/tracker.php b/tracker.php
index 9d26b34d..511d23f4 100644
--- a/tracker.php
+++ b/tracker.php
@@ -47,7 +47,7 @@ $start = isset($_REQUEST['start']) ? abs(intval($_REQUEST['start'])) : 0;
 $set_default = isset($_GET['def']);
 $user_id = $userdata['user_id'];
 $lastvisit = (!IS_GUEST) ? $userdata['user_lastvisit'] : '';
-$search_id = (isset($_GET['search_id']) && verify_id($_GET['search_id'], SEARCH_ID_LENGTH)) ? $_GET['search_id'] : '';
+$search_id = (isset($_GET['search_id']) && verify_id($_GET['search_id'], SEARCH_ID_LENGTH)) ? DB()->escape($_GET['id']) : '';
 $session_id = $userdata['session_id'];
 $cat_forum = $tor_to_show = $search_in_forums_ary = array();
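Review bot: In search.php, the new `$search_id` line applies `DB()->escape()` where the request value is read rather than where the SQL is built, so its protection depends on every later query placing `$search_id` inside a quoted literal, and those queries are outside this hunk. If `verify_id()` already limits the value to a fixed-length safe character set (its body is not shown), the escape is defence in depth and a comment should say so, for example `// verify_id() is the gate; escape() only backs it up inside quoted SQL literals`. Escaping or binding at the query site would keep the raw id available for URLs and template output and would put the SQL safety where a reader can check it. The top-level statement run this line belongs to starts and ends outside the hunk.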
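Review bot: In tracker.php, the new `$search_id` line validates `$_GET['search_id']` but then escapes and assigns `$_GET['id']`, a different request parameter that never passes through `verify_id()`. When `id` is absent this reads an undefined array key and the validated search id is discarded; when it is present, `$search_id` holds a value whose length and character set were never checked, leaving only `escape()` between it and whatever query consumes it. This looks like a copy-paste from the search.php hunk, and the line should read `$search_id = (isset($_GET['search_id']) && verify_id($_GET['search_id'], SEARCH_ID_LENGTH)) ? DB()->escape($_GET['search_id']) : '';`. The top-level statement run continues outside the hunk, so how `$search_id` is consumed is not visible here.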