Prevent XSS silliness in memorized searches.

author tassium <tassium@7612ce4b-ef26-0410-bec9-ea0150e637f0>

Thu, 23 Jan 2003 21:47:35 +0000 (21:47 +0000)

committer tassium <tassium@7612ce4b-ef26-0410-bec9-ea0150e637f0>

Thu, 23 Jan 2003 21:47:35 +0000 (21:47 +0000)
author tassium <tassium@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 23 Jan 2003 21:47:35 +0000 (21:47 +0000)
committer tassium <tassium@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 23 Jan 2003 21:47:35 +0000 (21:47 +0000)
diff --git a/src/search.php b/src/search.php

index dcd7b285339112c51cf2edacb0508c2f66189415..8c5532240f0300f19c5720d5d0dd4a2ad4bf21ab 100644 (file)
--- a/src/search.php
+++ b/src/search.php
@@ -383,7 +383,7 @@ if ($recent_count > 0) {
              if (isset($attributes['search_what'][$i]) &&
                  !empty($attributes['search_what'][$i])) {
              echo html_tag( 'td', $attributes['search_folder'][$i], 'left', '', 'width="35%"' )
-               . html_tag( 'td', $attributes['search_what'][$i], 'left' )
+               . html_tag( 'td', htmlentities($attributes['search_what'][$i]), 'left' )
                 . html_tag( 'td', $attributes['search_where'][$i], 'center' )
                 . html_tag( 'td', '', 'right' )
                 .   "<a href=search.php?count=$i&amp;submit=save>"
author	tassium <tassium@7612ce4b-ef26-0410-bec9-ea0150e637f0>
	Thu, 23 Jan 2003 21:47:35 +0000 (21:47 +0000)
committer	tassium <tassium@7612ce4b-ef26-0410-bec9-ea0150e637f0>
	Thu, 23 Jan 2003 21:47:35 +0000 (21:47 +0000)