From bc228f156741b7e3e76517034e52463eb7d73fc2 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Fri, 21 Oct 2005 13:28:09 +0200
Subject: [PATCH] fix for XSS problem in searchbox

darcs-hash:20051021112809-7ad00-f49197c217bed86e74e5f199b83861f55f77b78d.gz
---
 inc/template.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/template.php b/inc/template.php
index ba64d4120..0deeff32d 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -542,7 +542,7 @@ function tpl_searchform(){
   print '<input type="text" ';
   
   if ($ACT == 'search')
-    print 'value="'.$_REQUEST['id'].'" '; /* keep search input as long as user stays on search page */
+    print 'value="'.htmlspecialchars($_REQUEST['id']).'" ';
     
   print 'id="qsearch_in" accesskey="f" name="id" class="edit" onkeyup="ajax_qsearch.call(\'qsearch_in\',\'qsearch_out\')" />';
   print '<input type="submit" value="'.$lang['btn_search'].'" class="button" />';
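Review bot: The added `htmlspecialchars($_REQUEST['id'])` call on the `value="…"` line relies on the function's default flags and charset, which differ between PHP versions; older defaults leave single quotes unescaped, which is safe only while the attribute stays double-quoted. Spelling out the context, `print 'value="'.htmlspecialchars($_REQUEST['id'], ENT_QUOTES, 'UTF-8').'" ';`, keeps the escaping correct if the markup or the runtime changes (UTF-8 is assumed as the page encoding; confirm). The value is also passed without checking that it is a string, so an array-valued `id` parameter would reach htmlspecialchars(); an `is_string()` guard before printing would avoid that. The commit also drops the trailing why-comment, which I would keep: `/* keep search input as long as user stays on search page */`. tpl_searchform() starts and ends outside the hunk, so its other output was not reviewed.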
-- 
GitLab