Fix search issue with special characters, and escape them in SQL. #844

include/functions_entries.inc.php

@@ -883,7 +883,8 @@ function &serendipity_searchEntries($term, $limit = '', $searchresults = '') {
         $term             = str_replace('"', '"', $term);
         $relevance_enabled = true;
         if (preg_match('@["\+\-\*~<>\(\)]+@', $term)) {
-            $cond['find_part'] = "MATCH(title,body,extended) AGAINST('$term' IN BOOLEAN MODE)";
+            $term = serendipity_db_escape_string($term);
+            $cond['find_part'] = "MATCH(title,body,extended) AGAINST('\"$term\"' IN BOOLEAN MODE)";
         } else {
             $cond['find_part'] = "MATCH(title,body,extended) AGAINST('$term')";
         }