From 9632b286580babccc0b3349c5cdab6a04843e19f Mon Sep 17 00:00:00 2001
From: Kai Hendry <hendry@webconverger.com>
Date: Fri, 11 Jul 2014 18:13:26 +0800
Subject: [PATCH] Thanks to Claudio Mettler for pointing out I've had a PHP
 vulnerabilty in my code for years

---
 grep.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/grep.php b/grep.php
index 28c9a72..98fbf4e 100644
--- a/grep.php
+++ b/grep.php
@@ -3,7 +3,7 @@ header('Content-type: application/json');
 if (empty($_GET['q'])) { die(); }
 
 // Is this the correct way to sanitise args to shell from PHP?
-$QUERY=urldecode(escapeshellarg(urlencode($_GET['q'])));
+$QUERY=escapeshellarg($_GET['q']);
 
 // Debug Logging
 //$fp = fopen('debug.log', 'a');