From 531b5844d08352f5dde74948e36b4b383e663446 Mon Sep 17 00:00:00 2001
From: Parziphal <asterixvader@gmail.com>
Date: Sat, 13 Feb 2016 20:29:57 -0500
Subject: [PATCH] Fix more vulnerabilities

---
 app/views/comment/search.php        | 2 +-
 app/views/forum/index.php           | 2 +-
 app/views/note/search.php           | 2 +-
 app/views/pool/index.php            | 2 +-
 app/views/post/moderate.php         | 2 +-
 app/views/tag_alias/index.php       | 2 +-
 app/views/tag_implication/index.php | 2 +-
 app/views/wiki/_sidebar.php         | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/app/views/comment/search.php b/app/views/comment/search.php
index 3a789d8..bcb6037 100755
--- a/app/views/comment/search.php
+++ b/app/views/comment/search.php
@@ -1,7 +1,7 @@
 <div id="forum">
   <div style="margin-bottom: 1em;">
     <?= $this->formTag(['action' => "search"], ['method' => 'get'], function(){ ?>
-      <?= $this->textFieldTag("query", $this->params()->query, ['size' => 40]) ?>
+      <?= $this->textFieldTag("query", $this->h($this->params()->query), ['size' => 40]) ?>
       <?= $this->submitTag($this->t('.submit')) ?>
     <?php }) ?>
   </div>
diff --git a/app/views/forum/index.php b/app/views/forum/index.php
index f0f0326..c0d6285 100755
--- a/app/views/forum/index.php
+++ b/app/views/forum/index.php
@@ -1,7 +1,7 @@
 <div id="forum">
   <div id="search" style="margin-bottom: 1em;">
     <?= $this->formTag(['action' => "search"], ['method' => 'get'], function(){ ?>
-      <?= $this->textFieldTag("query", $this->params()->query, ['size' => 40]) ?>
+      <?= $this->textFieldTag("query", $this->h($this->params()->query), ['size' => 40]) ?>
       <?= $this->submitTag($this->t('.search')) ?>
     <?php }) ?>
   </div>
diff --git a/app/views/note/search.php b/app/views/note/search.php
index 87046a7..3732eac 100755
--- a/app/views/note/search.php
+++ b/app/views/note/search.php
@@ -1,7 +1,7 @@
 <h4><?= $this->t('.title') ?></h4>
 
 <?= $this->formTag(['action' => 'search'], ['method' => 'get'], function(){ ?>
-  <?= $this->textFieldTag("query", $this->params()->query,  ['size' => '40']) ?> <?= $this->submitTag($this->t('.search')) ?>
+  <?= $this->textFieldTag("query", $this->h($this->params()->query),  ['size' => '40']) ?> <?= $this->submitTag($this->t('.search')) ?>
 <?php }) ?>
 
 <?php if ($this->notes) : ?>
diff --git a/app/views/pool/index.php b/app/views/pool/index.php
index 63fec1e..98492b6 100755
--- a/app/views/pool/index.php
+++ b/app/views/pool/index.php
@@ -4,7 +4,7 @@
       <?php if ($this->params()->order) : ?>
       <?= $this->hiddenFieldTag("order", $this->params()->order) ?>
       <?php endif ?>
-      <?= $this->textFieldTag("query", $this->params()->query, ['size' => 40]) ?>
+      <?= $this->textFieldTag("query", $this->h($this->params()->query), ['size' => 40]) ?>
       <?= $this->submitTag($this->t('.search'), ['name' => '']) ?>
     <?php }) ?>
   </div>
diff --git a/app/views/post/moderate.php b/app/views/post/moderate.php
index 81b6808..4cb2a01 100755
--- a/app/views/post/moderate.php
+++ b/app/views/post/moderate.php
@@ -1,5 +1,5 @@
 <form method="get" action="/post/moderate">
-  <?= $this->textFieldTag("query", $this->params()->query, ['size' => '40']) ?>
+  <?= $this->textFieldTag("query", $this->h($this->params()->query), ['size' => '40']) ?>
   <?= $this->submitTag($this->t('buttons.search')) ?>
 </form>
 
diff --git a/app/views/tag_alias/index.php b/app/views/tag_alias/index.php
index f895989..c2f9f61 100755
--- a/app/views/tag_alias/index.php
+++ b/app/views/tag_alias/index.php
@@ -1,6 +1,6 @@
 <div style="margin-bottom: 1em;">
   <?= $this->formTag([], ['method' => 'get'], function(){ ?>
-    <?= $this->textFieldTag("query", $this->params()->query) ?>
+    <?= $this->textFieldTag("query", $this->h($this->params()->query)) ?>
     <?= $this->submitTag($this->t('.search')) ?>
     <?= $this->submitTag($this->t('tag_implication.index.search')) ?>
   <?php }) ?>
diff --git a/app/views/tag_implication/index.php b/app/views/tag_implication/index.php
index 83f3b42..c90f06f 100755
--- a/app/views/tag_implication/index.php
+++ b/app/views/tag_implication/index.php
@@ -1,6 +1,6 @@
 <div style="margin-bottom: 1em;">
   <?= $this->formTag(['action' => "index"], ['method' => 'get'], function(){ ?>
-    <?= $this->textFieldTag("query", $this->params()->query) ?>
+    <?= $this->textFieldTag("query", $this->h($this->params()->query)) ?>
     <?= $this->submitTag($this->t('.search')) ?>
     <?= $this->submitTag($this->t('tag_alias.index.search')) ?>
   <?php }) ?>
diff --git a/app/views/wiki/_sidebar.php b/app/views/wiki/_sidebar.php
index 9ea6da0..31be661 100755
--- a/app/views/wiki/_sidebar.php
+++ b/app/views/wiki/_sidebar.php
@@ -2,7 +2,7 @@
   <div style="margin-bottom: 1em;">
     <h6>Search</h6>
     <?= $this->formTag(['action' => "index"], ['method' => "get"], function(){ ?>
-      <?= $this->textFieldTag("query", $this->params()->query, ['size' => 20, 'id' => "search-box"]) ?>
+      <?= $this->textFieldTag("query", $this->h($this->params()->query), ['size' => 20, 'id' => "search-box"]) ?>
     <?php }) ?>
   </div>