Fix escaping of inputs

author Jamie Cameron <jcameron@webmin.com>

Thu, 7 Feb 2008 17:00:38 +0000 (17:00 +0000)

committer Jamie Cameron <jcameron@webmin.com>

Thu, 7 Feb 2008 17:00:38 +0000 (17:00 +0000)
author Jamie Cameron <jcameron@webmin.com>
Thu, 7 Feb 2008 17:00:38 +0000 (17:00 +0000)
committer Jamie Cameron <jcameron@webmin.com>
Thu, 7 Feb 2008 17:00:38 +0000 (17:00 +0000)
diff --git a/webmin_search.cgi b/webmin_search.cgi

index 3c617a6..d196ab7 100644 (file)
--- a/webmin_search.cgi
+++ b/webmin_search.cgi
@@ -132,7 +132,8 @@ MODULE: foreach $m (@mods) {
         }
  
  if (!$count) {
-       print "<b>",&text('wsearch_enone', "<tt>$re</tt>"),"</b><p>\n";
+       print "<b>",&text('wsearch_enone',
+               "<tt>".&html_escape($re)."</tt>"),"</b><p>\n";
         }
  
  &ui_print_footer();
@@ -151,7 +152,7 @@ if ($str =~ /(.*)(\Q$re\E)(.*)/i) {
         if (length($after) > $hlen) {
                 $after = substr($after, 0, $hlen)."...";
                 }
-       $str = $before."<b>".$match."</b>".$after;
+       $str = $before."<b>".&html_escape($match)."</b>".$after;
         }
  return $str;
  }
author	Jamie Cameron <jcameron@webmin.com>
	Thu, 7 Feb 2008 17:00:38 +0000 (17:00 +0000)
committer	Jamie Cameron <jcameron@webmin.com>
	Thu, 7 Feb 2008 17:00:38 +0000 (17:00 +0000)