fix for XSS problem in searchbox

darcs-hash:20051021112809-7ad00-f49197c217bed86e74e5f199b83861f55f77b78d.gz
author: Andreas Gohr <andi@splitbrain.org> 2005-10-21 13:28:09 +0200
committer: Andreas Gohr <andi@splitbrain.org> 2005-10-21 13:28:09 +0200
commit: bc228f156741b7e3e76517034e52463eb7d73fc2 (patch)
tree: d13363995641435bf7f4721dc0383e02c3260539
parent: 81124000ddd28d1b4c8c39847dfe27783342ea75 (diff)
download: rpg-bc228f156741b7e3e76517034e52463eb7d73fc2.tar.gz
rpg-bc228f156741b7e3e76517034e52463eb7d73fc2.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/inc/template.php b/inc/template.php
index ba64d4120..0deeff32d 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -542,7 +542,7 @@ function tpl_searchform(){
   print '<input type="text" ';
   
   if ($ACT == 'search')
-    print 'value="'.$_REQUEST['id'].'" '; /* keep search input as long as user stays on search page */
+    print 'value="'.htmlspecialchars($_REQUEST['id']).'" ';
     
   print 'id="qsearch_in" accesskey="f" name="id" class="edit" onkeyup="ajax_qsearch.call(\'qsearch_in\',\'qsearch_out\')" />';
   print '<input type="submit" value="'.$lang['btn_search'].'" class="button" />';
author	Andreas Gohr <andi@splitbrain.org>	2005-10-21 13:28:09 +0200
committer	Andreas Gohr <andi@splitbrain.org>	2005-10-21 13:28:09 +0200
commit	bc228f156741b7e3e76517034e52463eb7d73fc2 (patch)
tree	d13363995641435bf7f4721dc0383e02c3260539
parent	81124000ddd28d1b4c8c39847dfe27783342ea75 (diff)
download	rpg-bc228f156741b7e3e76517034e52463eb7d73fc2.tar.gz rpg-bc228f156741b7e3e76517034e52463eb7d73fc2.tar.bz2