From 579ea9bc3684eb59e46862a18193508820ae7aae Mon Sep 17 00:00:00 2001
From: deepak-srivastava
Date: Wed, 22 Jul 2015 14:29:15 +0100
Subject: [PATCH] 1. escape grid wise search input, 2. correctify search column numbers
---
 CRM/Contact/Page/AJAX.php | 2 ++
 templates/CRM/Contact/Page/DedupeFind.tpl | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/CRM/Contact/Page/AJAX.php b/CRM/Contact/Page/AJAX.php
index 50e0d31cce..fea8d422ee 100644
--- a/CRM/Contact/Page/AJAX.php
+++ b/CRM/Contact/Page/AJAX.php
@@ -695,6 +695,8 @@ LIMIT {$offset}, {$rowCount}
 $join = '';
 $where = array();
 $searchData = CRM_Utils_Array::value('search', $_REQUEST);
+ $searchData['value'] = CRM_Utils_Type::escape($searchData['value'], 'String');
+
 if ($src || !empty($searchData['value']) ) {
 $src = $src ? $src : $searchData['value'];
 $where[] = " cc1.display_name LIKE '%{$src}%'";
diff --git a/templates/CRM/Contact/Page/DedupeFind.tpl b/templates/CRM/Contact/Page/DedupeFind.tpl
index 003f95b049..a24057f8a3 100644
--- a/templates/CRM/Contact/Page/DedupeFind.tpl
+++ b/templates/CRM/Contact/Page/DedupeFind.tpl
@@ -38,11 +38,11 @@
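Review bot: The added escape in CRM/Contact/Page/AJAX.php covers only `$searchData['value']`, while the `LIKE '%{$src}%'` clause prefers `$src` whenever it is set; `$src` is assigned outside this hunk, so it is worth confirming that it also passes through `CRM_Utils_Type::escape()` before it is interpolated. The new line also indexes `$searchData` unconditionally, so when the request carries no `search` parameter, or `search` is not an array, the read and the write operate on a non-array value. A guard such as `if (is_array($searchData) && isset($searchData['value'])) { $searchData['value'] = CRM_Utils_Type::escape($searchData['value'], 'String'); }` keeps the escape on the path that actually feeds the query. String escaping leaves `%` and `_` active as LIKE wildcards, which deserves a short comment if that is intended. The enclosing function starts and ends outside the hunk, and binding the value as a typed query parameter would be the sturdier fix if the query execution there allows it.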
- +
- +
@@ -85,7 +85,7 @@ - +
-- 2.25.1