Missed an htmlspecialchars().

author brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>

Tue, 10 Nov 2009 04:04:21 +0000 (04:04 +0000)

committer brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>

Tue, 10 Nov 2009 04:04:21 +0000 (04:04 +0000)
author brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Tue, 10 Nov 2009 04:04:21 +0000 (04:04 +0000)
committer brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Tue, 10 Nov 2009 04:04:21 +0000 (04:04 +0000)
diff --git a/mod/search/index.php b/mod/search/index.php

index d62e3be72c4fbcc847b25a27dfd42c5423e6b0e6..806c2a0d995244c405671b018d1078221dceff72 100644 (file)
--- a/mod/search/index.php
+++ b/mod/search/index.php
@@ -88,14 +88,14 @@ foreach ($types as $type => $subtypes) {
  foreach ($custom_types as $type) {
         $label = "search_types:$type";
  
-       $data = http_build_query(array(
+       $data = htmlspecialchars(http_build_query(array(
                 'q' => urlencode($query),
                 'entity_subtype' => $entity_subtype,
                 'entity_type' => urlencode($entity_type),
                 'owner_guid' => urlencode($owner_guid),
                 'search_type' => $type,
                 'friends' => $friends
-       ));
+       )));
  
         $url = "{$CONFIG->wwwroot}pg/search/?$data";
author	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Tue, 10 Nov 2009 04:04:21 +0000 (04:04 +0000)
committer	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Tue, 10 Nov 2009 04:04:21 +0000 (04:04 +0000)