specialchars() text in search results

darcs-hash:20080709225942-84dde-80c201825f566af717456f13d17e7382ce234692.gz

diff --git a/actions/peoplesearch.php b/actions/peoplesearch.php
index 045d99e39ac41f9e9adc2f691b1ac0497083c08c..5d10140173d1397046e3071f8287964957fa587a 100644 (file)
--- a/actions/peoplesearch.php
+++ b/actions/peoplesearch.php
@@ -158,7 +158,7 @@ class PeoplesearchAction extends Action {
 
        function highlight($text, $terms) {
                $pattern = '/('.implode('|',array_map('htmlspecialchars', $terms)).')/i';
-               $result = preg_replace($pattern, '<strong>\\1</strong>', $text);
+               $result = preg_replace($pattern, '<strong>\\1</strong>', htmlspecialchars($text));
                return $result;
        }
 }