diff -r d015f5c9b308 -r ce4919f37489 inc/dns.inc.php
--- a/inc/dns.inc.php Thu Jan 03 21:52:57 2008 +0000
+++ b/inc/dns.inc.php Thu Jan 03 22:30:40 2008 +0000
@@ -518,9 +518,14 @@
 return preg_match('!^(http://)(([A-Z\d]|[A-Z\d][A-Z\d-]*[A-Z\d])\.)*[A-Z\d]+([//]([0-9a-z//~#%&\'_\-+=:?.]*))?$!i', $url);
 }
- /****************************************
- * *
- * END OF RECORD VALIDATING PART. *
- * *
- ***************************************/
+function is_valid_search($holygrail)
+{
+ // Only allow for alphanumeric, numeric, dot, dash, underscore and
+ // percent in search string. The last two are wildcards for SQL.
+ // Needs extension probably for more usual record types.
+
+ return preg_match('/^[a-z0-9.\-%_]+$/i', $holygrail);
+}
+
+
 ?>
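Review bot: The `$` anchor in `is_valid_search` also matches just before a trailing newline, so a search string ending in `\n` passes the allow-list even though newline is not in the character class; anchor with `\z` (or add the `D` modifier), e.g. `return preg_match('/^[a-z0-9.\-%_]+\z/i', $holygrail);`. The same anchor is used in the URL check shown as context at the top of the hunk, whose function begins outside it. Because `%` and `_` are deliberately let through as LIKE wildcards, this check only keeps quote characters out; the query that consumes the value is not visible here, so it should still escape or bind the string rather than rely on the regex, especially once the class is widened as the comment anticipates. A length cap would also bound the cost of all-wildcard patterns.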