At the search we should do it as well.

author Michael Vogel <ike@pirati.ca>

Fri, 23 Sep 2016 06:36:48 +0000 (06:36 +0000)

committer Michael Vogel <ike@pirati.ca>

Fri, 23 Sep 2016 06:36:48 +0000 (06:36 +0000)
author Michael Vogel <ike@pirati.ca>
Fri, 23 Sep 2016 06:36:48 +0000 (06:36 +0000)
committer Michael Vogel <ike@pirati.ca>
Fri, 23 Sep 2016 06:36:48 +0000 (06:36 +0000)
diff --git a/include/text.php b/include/text.php

index 3aec42b3239b1fbee986d15b60183f53f05fc9fa..2276f6688d7074a9ef50d5797236ad17a998ca71 100644 (file)
--- a/include/text.php
+++ b/include/text.php
@@ -988,7 +988,7 @@ function search($s,$id='search-box',$url='search',$save = false, $aside = true)
         $a = get_app();
  
         $values = array(
-                       '$s' => $s,
+                       '$s' => htmlspecialchars($s),
                         '$id' => $id,
                         '$action_url' => $url,
                         '$search_label' => t('Search'),
author	Michael Vogel <ike@pirati.ca>
	Fri, 23 Sep 2016 06:36:48 +0000 (06:36 +0000)
committer	Michael Vogel <ike@pirati.ca>
	Fri, 23 Sep 2016 06:36:48 +0000 (06:36 +0000)