FIxed vulnerability in forum search

2016-02-13 20:15:21 -05:00 · 2016-02-13 20:15:21 -05:00 · 565fcf08a3
commit 565fcf08a3
parent 3649bc135a
1 changed files with 1 additions and 1 deletions
--- a/app/views/forum/search.php
+++ b/app/views/forum/search.php
@ -1,7 +1,7 @@
 <div id="forum">
  <div style="margin-bottom: 1em;">
    <?= $this->formTag(['action' => "search"], ['method' => 'get'], function(){ ?>
-      <?= $this->textFieldTag("query", $this->params()->query, ['size' => 40]) ?>
+      <?= $this->textFieldTag("query", $this->h($this->params()->query), ['size' => 40]) ?>
      <?= $this->submitTag($this->t('.search'))?>
    <?php }) ?>
  </div>