From 6e66b32fe1277e39db7534792c1791a81ca7b53d Mon Sep 17 00:00:00 2001
From: barisusakli <barisusakli@gmail.com>
Date: Thu, 17 Sep 2015 19:03:03 -0400
Subject: [PATCH] dont escape the query that is send to search escape on the
 way out

---
 src/controllers/search.js | 1 -
 src/search.js             | 3 ++-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/controllers/search.js b/src/controllers/search.js
index dc58119a57..5382c3db5b 100644
--- a/src/controllers/search.js
+++ b/src/controllers/search.js
@@ -17,7 +17,6 @@ searchController.search = function(req, res, next) {
 		return next();
 	}
 
-	req.params.term = validator.escape(req.params.term);
 	var page = Math.max(1, parseInt(req.query.page, 10)) || 1;
 	if (req.query.categories && !Array.isArray(req.query.categories)) {
 		req.query.categories = [req.query.categories];
diff --git a/src/search.js b/src/search.js
index 127588a5cd..ac8dd2090e 100644
--- a/src/search.js
+++ b/src/search.js
@@ -1,6 +1,7 @@
 'use strict';
 
 var async = require('async'),
+	validator = require('validator'),
 
 	db = require('./database'),
 	posts = require('./posts'),
@@ -21,7 +22,7 @@ search.search = function(data, callback) {
 			return callback(err);
 		}
 
-		result.search_query = query;
+		result.search_query = validator.escape(query);
 		if (searchIn === 'titles' || searchIn === 'titlesposts') {
 			searchIn = 'posts';
 		}