Avoid XSS vulnerability on the search engine

author Daniel Veillard <veillard@redhat.com>

Fri, 3 Jul 2015 12:47:08 +0000 (20:47 +0800)

committer Daniel Veillard <veillard@redhat.com>

Fri, 3 Jul 2015 12:47:08 +0000 (20:47 +0800)
author Daniel Veillard <veillard@redhat.com>
Fri, 3 Jul 2015 12:47:08 +0000 (20:47 +0800)
committer Daniel Veillard <veillard@redhat.com>
Fri, 3 Jul 2015 12:47:08 +0000 (20:47 +0800)
diff --git a/docs/search.php.code.in b/docs/search.php.code.in

index df25cd65783bf17a7db491a2c3cf450d2d347a2d..84f87591d5b1baa5856d56eb71f9cc9b09517351 100644 (file)
--- a/docs/search.php.code.in
+++ b/docs/search.php.code.in
@@ -13,7 +13,7 @@
  
  <form action="<?php echo $_SERVER['PHP_SELF'], "?query=", rawurlencode($query) ?>"
        enctype="application/x-www-form-urlencoded" method="get">
-  <input name="query" type="text" size="50" value="<?php echo $query?>"/>
+  <input name="query" type="text" size="50" value="<?php echo htmlspecialchars($query, ENT_QUOTES, 'UTF-8')?>"/>
    <select name="scope">
      <option value="any">Search All</option>
      <option value="API" <?php if ($scope == 'API') print "selected='selected'"?>>Only the APIs</option>
author	Daniel Veillard <veillard@redhat.com>
	Fri, 3 Jul 2015 12:47:08 +0000 (20:47 +0800)
committer	Daniel Veillard <veillard@redhat.com>
	Fri, 3 Jul 2015 12:47:08 +0000 (20:47 +0800)