Permalink
Browse files

MDL-21649 fixed form value quoting

  • Loading branch information...
1 parent 86a7b79 commit 311956cf45f92ac83d515759134b80cce381f27b @skodak skodak committed Mar 18, 2010
Showing with 8 additions and 8 deletions.
  1. +8 −8 search/query.php
View
@@ -183,7 +183,7 @@
<?php
if (!$advanced) {
?>
- <input type="text" name="query_string" length="50" value="<?php print stripslashes($query_string) ?>" />
+ <input type="text" name="query_string" length="50" value="<?php p(stripslashes($query_string)) ?>" />
&nbsp;<input type="submit" value="<?php print_string('search', 'search') ?>" /> &nbsp;
<a href="query.php?a=1"><?php print_string('advancedsearch', 'search') ?></a> |
<a href="stats.php"><?php print_string('statistics', 'search') ?></a>
@@ -192,23 +192,23 @@
else {
print_box_start();
?>
- <input type="hidden" name="a" value="<?php print $advanced; ?>"/>
+ <input type="hidden" name="a" value="<?php p($advanced); ?>"/>
<table border="0" cellpadding="3" cellspacing="3">
<tr>
<td width="240"><?php print_string('thesewordsmustappear', 'search') ?>:</td>
- <td><input type="text" name="mustappear" length="50" value="<?php print $adv->mustappear; ?>" /></td>
+ <td><input type="text" name="mustappear" length="50" value="<?php p($adv->mustappear); ?>" /></td>
</tr>
<tr>
<td><?php print_string('thesewordsmustnotappear', 'search') ?>:</td>
- <td><input type="text" name="notappear" length="50" value="<?php print $adv->notappear; ?>" /></td>
+ <td><input type="text" name="notappear" length="50" value="<?php p($adv->notappear); ?>" /></td>
</tr>
<tr>
<td><?php print_string('thesewordshelpimproverank', 'search') ?>:</td>
- <td><input type="text" name="canappear" length="50" value="<?php print $adv->canappear; ?>" /></td>
+ <td><input type="text" name="canappear" length="50" value="<?php p($adv->canappear); ?>" /></td>
</tr>
<tr>
@@ -241,12 +241,12 @@
<tr>
<td><?php print_string('wordsintitle', 'search') ?>:</td>
- <td><input type="text" name="title" length="50" value="<?php print $adv->title; ?>" /></td>
+ <td><input type="text" name="title" length="50" value="<?php p($adv->title); ?>" /></td>
</tr>
<tr>
<td><?php print_string('authorname', 'search') ?>:</td>
- <td><input type="text" name="author" length="50" value="<?php print $adv->author; ?>" /></td>
+ <td><input type="text" name="author" length="50" value="<?php p($adv->author); ?>" /></td>
</tr>
<tr>
@@ -305,7 +305,7 @@
print "<br />";
- print $hit_count.' '.get_string('resultsreturnedfor', 'search') . " '".stripslashes($query_string)."'.";
+ print $hit_count.' '.get_string('resultsreturnedfor', 'search') . " '".s(stripslashes($query_string))."'.";
print "<br />";
if ($hit_count > 0) {

0 comments on commit 311956c

Please sign in to comment.