diff options
| author | Christian Fowler <spider@viovio.com> | 2006-08-27 15:05:26 +0000 |
|---|---|---|
| committer | Christian Fowler <spider@viovio.com> | 2006-08-27 15:05:26 +0000 |
| commit | eaed19b8a48dae5af29112fc57d13992b98fda53 (patch) | |
| tree | 6254697b93c8304a4a99c40aa501d8a86956a0ca | |
| parent | 8533976b1331c38a7327708d33937b9f0744fe06 (diff) | |
| download | search-eaed19b8a48dae5af29112fc57d13992b98fda53.tar.gz search-eaed19b8a48dae5af29112fc57d13992b98fda53.tar.bz2 search-eaed19b8a48dae5af29112fc57d13992b98fda53.zip | |
missed a few escaping on search words - protect against evil search entry
| -rw-r--r-- | templates/search.tpl | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/templates/search.tpl b/templates/search.tpl index 8d933b0..5d64b02 100644 --- a/templates/search.tpl +++ b/templates/search.tpl @@ -34,13 +34,13 @@ </div> {/form} - {if $words}<h2>{tr}Found '<span class="highlight">{$words}</span>' in {$cant_results} {if $where2}{$where2}{else}pages{/if}{/tr}</h2>{/if} + {if $words}<h2>{tr}Found '<span class="highlight">{$words|escape:htmlall}</span>' in {$cant_results} {if $where2}{$where2}{else}pages{/if}{/tr}</h2>{/if} {section name=search loop=$results} {* using capture for no particular reason appart from a nicer layout - xing *} {capture name=title} {assign var=guid value=$results[search].content_type_guid} - {tr}{$gLibertySystem->mContentTypes.$guid.content_description}{/tr} <a href="{$results[search].href}&highlight={$words}">{$results[search].title}</a> + {tr}{$gLibertySystem->mContentTypes.$guid.content_description}{/tr} <a href="{$results[search].href}&highlight={$words|escape:url}">{$results[search].title}</a> <small>• {tr}Relivence{/tr}: {$results[search].relivency} • {tr}Hits{/tr}: {$results[search].hits} {if $gBitSystem->isFeatureActive( 'search_fulltext' )} • |