fix XSS
[freeside.git] / httemplate / search / elements / search-html.html
index d7e8128..5c8001f 100644 (file)
 %                                       $_ =~ /^\d+$/ ) {
 %                             # for the 'straight SQL' case: specify fields
 %                             # by position
-%                               $row->[$_];
+%                               encode_entities($row->[$_]);
 %                             } else {
-%                               $row->$_();
+%                               encode_entities($row->$_());
 %                             }
 %                           }
 %                       @{$opt{'fields'}}
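Review bot: The one-argument form of `encode_entities` used on both added lines escapes control and high-bit characters as well as `<`, `>`, `&` and the quote characters, so if these column values arrive as undecoded UTF-8 bytes, non-ASCII text would be rendered as a run of wrong entities. Passing the unsafe set explicitly, e.g. `encode_entities($row->[$_], q{<>&"'})` and `encode_entities($row->$_(), q{<>&"'})`, keeps the XSS fix while leaving other characters untouched. The condition on the first context line is the tail of a test that begins outside the hunk, so any earlier branch of this `map` is not covered by the change and should be checked for the same unescaped output. If any accessor named in `$opt{'fields'}` already returns markup or pre-escaped text, it will now be double-escaped; that is the safe failure, but a comment above the `map` such as `# field values are plain text and are entity-encoded here; HTML must not come through these two branches` would make the contract explicit.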