From 1632d295efb90685e20fa816b5a625febadc6061 Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Thu, 29 Aug 2019 20:40:59 -0600
Subject: [PATCH] Update ApiController

---
 app/Http/Controllers/ApiController.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/ApiController.php b/app/Http/Controllers/ApiController.php
index 6903b3d41..d71da8ce8 100644
--- a/app/Http/Controllers/ApiController.php
+++ b/app/Http/Controllers/ApiController.php
@@ -81,11 +81,13 @@ class ApiController extends BaseApiController
 
     public function composeLocationSearch(Request $request)
     {
+        abort_if(!Auth::check(), 403);
         $this->validate($request, [
             'q' => 'required|string'
         ]);
-
-        $places = Place::where('name', 'like', '%' . $request->input('q') . '%')
+        $q = filter_var($request->input('q'), FILTER_SANITIZE_STRING);
+        $q = '%' . $q . '%';
+        $places = Place::where('name', 'like', $q)
             ->take(25)
             ->get()
             ->map(function($r) {