From 392a4f1785581e2246e75716f1cca61ad6f7ee2c Mon Sep 17 00:00:00 2001
From: Cameron
Date: Fri, 10 Mar 2017 11:42:57 -0800
Subject: [PATCH] Filter on query.

---
 e107_plugins/pm/pm.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/e107_plugins/pm/pm.php b/e107_plugins/pm/pm.php
index dd2797309..7152941be 100755
--- a/e107_plugins/pm/pm.php
+++ b/e107_plugins/pm/pm.php
@@ -616,7 +616,9 @@ function pm_user_lookup()
 {
 $sql = e107::getDb();

- $query = "SELECT * FROM #user WHERE user_name REGEXP '^".$_POST['keyword']."' ";
+ $tp = e107::getParser();
+
+ $query = "SELECT * FROM #user WHERE user_name REGEXP '^".$tp->filter($_POST['keyword'],'w')."' ";
 if($sql->gen($query))
 {
 echo '[';
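Review bot: The filtered keyword can come out empty, either when `$_POST['keyword']` is missing or when it holds only characters the `'w'` filter strips, and the pattern then becomes `REGEXP '^'`, which matches every row of `#user` in a `SELECT *` with no limit. Assign the filtered value first and stop before the query when it is empty, e.g. `$keyword = isset($_POST['keyword']) ? $tp->filter($_POST['keyword'], 'w') : '';` followed by `if($keyword === '') { return; }`. The statement is still built by concatenation, so its safety rests entirely on what `filter(..., 'w')` removes; assuming it keeps only word characters, a short comment saying so above the query would help the next reader, and names containing spaces or punctuation presumably can no longer be looked up. The body of `pm_user_lookup()` continues past the end of the hunk, so the right empty response for the caller is not visible here.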