Fix for Trac #670: XSS vulnerability issue.

SVN:trunk[2589]
2026-04-23 18:48:51 +02:00 · 2013-01-22 17:39:16 +00:00
parent 32924bc054
commit 80b0a8b942
2 changed files with 3 additions and 3 deletions
--- a/pages/UI.php
+++ b/pages/UI.php
@@ -817,7 +817,7 @@ try
 			else
 			{
 				$oP->set_title(Dict::S('UI:SearchResultsPageTitle'));
-				$oP->p("<h1>".Dict::Format('UI:FullTextSearchTitle_Text', $sFullText)."</h1>");
+				$oP->p("<h1>".Dict::Format('UI:FullTextSearchTitle_Text', htmlentities($sFullText, ENT_QUOTES, 'UTF-8'))."</h1>");
 				$iCount = 0;
 				$iBlock = 0;
 				// Search in full text mode in all the classes