From b8f61362f570e1ef8127175331012b7fc8aba802 Mon Sep 17 00:00:00 2001
From: Eric Espie
Date: Thu, 1 Jun 2023 16:44:40 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B06348=20-=20Hardening=20code?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 pages/UI.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pages/UI.php b/pages/UI.php
index e83877864..f8ac61627 100644
--- a/pages/UI.php
+++ b/pages/UI.php
@@ -569,8 +569,8 @@ try
 if ($sQuery !== $sFullText) {
 $sQueryLabel = $sFullText;
 }
- GlobalSearchHelper::AddQueryToHistory($sQuery, $sQueryIconUrl, $sQueryLabel);
- $oP->SetBlockParam('ibo-global-search.sQuery', $sQuery);
+ GlobalSearchHelper::AddQueryToHistory(utils::EscapeHtml($sQuery), $sQueryIconUrl, $sQueryLabel);
+ $oP->SetBlockParam('ibo-global-search.sQuery', utils::EscapeHtml($sQuery));
 // Check the needle length
 $iMinLenth = MetaModel::GetConfig()->Get('full_text_needle_min');
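Review bot: `$sQueryLabel` still reaches `GlobalSearchHelper::AddQueryToHistory()` unescaped, although the lines just above assign it from `$sFullText` whenever that differs from `$sQuery`; if the history label is rendered in the same HTML context as the query (not visible here), it needs the same treatment or the hardening is only partial. Escaping before storage also means the history holds HTML-encoded text, so any consumer that encodes again at render time would double-encode it (`&amp;amp;`); it is worth confirming how `AddQueryToHistory` and the `ibo-global-search.sQuery` block parameter are output, since encoding at the point of output is usually the safer place. At minimum the value can be computed once, `$sEscapedQuery = utils::EscapeHtml($sQuery);`, and reused in both calls. The enclosing `try` block starts and ends outside the hunk, so where `$sQuery` and `$sFullText` originate cannot be checked from here.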