better patch for the XSS search issue

Since the query string could be output when displaying the results too

better patch for the XSS search issue
Since the query string could be output when displaying the results too
cf739b35 · Daniel Veillard · d51876bc · cf739b35
显示空白变更内容
内联并排

Showing with 3 addition and 2 deletion

docs/search.php.code.in docs/search.php.code.in +3 -2

未找到文件。
--- a/docs/search.php.code.in
+++ b/docs/search.php.code.in
@@ -9,11 +9,12 @@
    $scope = ltrim ($scope);
    if ($scope == "")
        $scope = "any";
+    $querystr = htmlspecialchars($query, ENT_QUOTES, 'UTF-8');
 ?>
 <form action="<?php echo $_SERVER['PHP_SELF'], "?query=", rawurlencode($query) ?>"
      enctype="application/x-www-form-urlencoded" method="get">
-  <input name="query" type="text" size="50" value="<?php echo htmlspecialchars($query, ENT_QUOTES, 'UTF-8')?>"/>
+  <input name="query" type="text" size="50" value="<?php echo $querystr ?>"/>
  <select name="scope">
    <option value="any">Search All</option>
    <option value="API" <?php if ($scope == 'API') print "selected='selected'"?>>Only the APIs</option>
@@ -200,7 +201,7 @@
 	    }
 	    mysql_close($link);
 	    $nb = count($results);
-	    echo "<h3 align='center'>Found $nb results for query $query</h3>\n";
+	    echo "<h3 align='center'>Found $nb results for query $querystr</h3>\n";
 	    usort($results, "resSort");
            if ($nb > 0) {