diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 22:20:19 -0800 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2012-11-11 22:20:19 -0800 |
| commit | b2101823682f3738f5b367d2c1f2a7c6d47cdad1 (patch) | |
| tree | 861ad1cfbf0db4279ccef14a3a6967376e4751a7 /httemplate/search/elements/search-html.html | |
| parent | f06a0610477b0ba8e1931722c3105b880fbc35c3 (diff) | |
fix XSS
Diffstat (limited to 'httemplate/search/elements/search-html.html')
| -rw-r--r-- | httemplate/search/elements/search-html.html | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/httemplate/search/elements/search-html.html b/httemplate/search/elements/search-html.html index d7e81282b..5c8001fad 100644 --- a/httemplate/search/elements/search-html.html +++ b/httemplate/search/elements/search-html.html @@ -341,9 +341,9 @@ % $_ =~ /^\d+$/ ) { % # for the 'straight SQL' case: specify fields % # by position -% $row->[$_]; +% encode_entities($row->[$_]); % } else { -% $row->$_(); +% encode_entities($row->$_()); % } % } % @{$opt{'fields'}} |