Sanitize search queries, thanks to Lukas Reschke

This commit is contained in:
Michael Gapczynski 2012-05-13 15:57:10 -04:00
parent 3ce6eca40a
commit 198b73ddd1
1 changed files with 1 additions and 1 deletions


@ -30,7 +30,7 @@
<header><div id="header">
<a href="<?php echo link_to('', 'index.php'); ?>" title="" id="owncloud"><img class="svg" src="<?php echo image_path('', 'logo-wide.svg'); ?>" alt="ownCloud" /></a>
<form class="searchbox" action="#" method="post">
<input id="searchbox" class="svg" type="search" name="query" value="<?php if(isset($_POST['query'])){echo $_POST['query'];};?>" autocomplete="off" />
<input id="searchbox" class="svg" type="search" name="query" value="<?php if(isset($_POST['query'])){echo htmlentities($_POST['query']);};?>" autocomplete="off" />
</form>
<a id="logout" href="<?php echo link_to('', 'index.php'); ?>?logout=true"><img class="svg" alt="<?php echo $l->t('Log out');?>" title="<?php echo $l->t('Log out');?>" src="<?php echo image_path('', 'actions/logout.svg'); ?>" /></a>
</div></header>
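Review bot: The `htmlentities()` call on the new searchbox line relies on the default flags and charset, which on PHP releases of this era means ISO-8859-1 handling and no escaping of single quotes; pinning both with `value="<?php if(isset($_POST['query'])){echo htmlentities($_POST['query'], ENT_QUOTES, 'UTF-8');};?>"` makes the escaping independent of the interpreter's defaults. The attribute is double-quoted, so the default ENT_COMPAT does stop a query from closing the attribute, but the explicit charset matters for UTF-8 queries that would otherwise be emitted mangled or silently truncated. The raw `$_POST['query']` is presumably also consumed elsewhere to run the search; this hunk only covers its reflection into the template, so the escaping on the other path, if any, deserves the same look. If the project already has a central output-escaping helper, calling it here would keep the template consistent with the rest of the codebase.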