gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-10-09 18:42:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix vulnerablity against xss attack

Browse Source
This commit is contained in:
Uwe Steinmann 2014-02-26 22:42:26 +01:00
parent 31ffad39a8
commit 0be40d61c8
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
views/bootstrap/class.Search.php
View File

@ -110,7 +110,7 @@ class SeedDMS_View_Search extends SeedDMS_Bootstrap_Style {
<tr> <tr>
<td><?php printMLText("search_query");?>:</td> <td><?php printMLText("search_query");?>:</td>
<td> <td>
<input type="text" name="query" value="<?php echo $this->query; ?>" /> <input type="text" name="query" value="<?php echo htmlspecialchars($this->query); ?>" />
<select name="mode"> <select name="mode">
<option value="1" <?php echo ($mode=='AND') ? "selected" : ""; ?>><?php printMLText("search_mode_and");?> <option value="1" <?php echo ($mode=='AND') ? "selected" : ""; ?>><?php printMLText("search_mode_and");?>
<option value="0"<?php echo ($mode=='OR') ? "selected" : ""; ?>><?php printMLText("search_mode_or");?> <option value="0"<?php echo ($mode=='OR') ? "selected" : ""; ?>><?php printMLText("search_mode_or");?>
@ -246,7 +246,7 @@ class SeedDMS_View_Search extends SeedDMS_Bootstrap_Style {
<tr> <tr>
<td><?php printMLText("search_query");?>:</td> <td><?php printMLText("search_query");?>:</td>
<td> <td>
<input type="text" name="query" value="<?php echo $this->query; ?>" /> <input type="text" name="query" value="<?php echo htmlspecialchars($this->query); ?>" />
<!-- <!--
<select name="mode"> <select name="mode">
<option value="1" selected><?php printMLText("search_mode_and");?> <option value="1" selected><?php printMLText("search_mode_and");?>