diff options
| author | Michael Gapczynski <GapczynskiM@gmail.com> | 2012-05-13 23:57:10 +0400 |
|---|---|---|
| committer | Michael Gapczynski <GapczynskiM@gmail.com> | 2012-05-13 23:57:46 +0400 |
| commit | 198b73ddd11c722e199cb3008fa07751be66c488 (patch) | |
| tree | 70a2c52259de45828a061b089eca4609dde3b141 /core | |
| parent | 3ce6eca40ab83270338778986dc9550c81b86187 (diff) | |
Sanitize search queries, thanks to Lukas Reschke
Diffstat (limited to 'core')
| -rw-r--r-- | core/templates/layout.user.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php index b832ac2636f..e9d105ed043 100644 --- a/core/templates/layout.user.php +++ b/core/templates/layout.user.php @@ -30,7 +30,7 @@ <header><div id="header"> <a href="<?php echo link_to('', 'index.php'); ?>" title="" id="owncloud"><img class="svg" src="<?php echo image_path('', 'logo-wide.svg'); ?>" alt="ownCloud" /></a> <form class="searchbox" action="#" method="post"> - <input id="searchbox" class="svg" type="search" name="query" value="<?php if(isset($_POST['query'])){echo $_POST['query'];};?>" autocomplete="off" /> + <input id="searchbox" class="svg" type="search" name="query" value="<?php if(isset($_POST['query'])){echo htmlentities($_POST['query']);};?>" autocomplete="off" /> </form> <a id="logout" href="<?php echo link_to('', 'index.php'); ?>?logout=true"><img class="svg" alt="<?php echo $l->t('Log out');?>" title="<?php echo $l->t('Log out');?>" src="<?php echo image_path('', 'actions/logout.svg'); ?>" /></a> </div></header> |