Commit 36df83a

Escape saved search name
Signed-off-by: Michal Čihař <michal@cihar.com>
1 parent d95a4a2 commit 36df83a

1 file changed

+1
-1
lines changed

Diff for: libraries/DbQbe.php

@@ -1900,7 +1900,7 @@ private function _getSavedSearchesField()
19001900
}
19011901
$html_output .= '</select>';
19021902
$html_output .= '<input type="text" name="searchName" id="searchName" '
1903-
. 'value="' . $currentSearchName . '" />';
1903+
. 'value="' . htmlspecialchars($currentSearchName) . '" />';
19041904
$html_output .= '<input type="hidden" name="action" id="action" value="" />';
19051905
$html_output .= '<input type="submit" name="saveSearch" id="saveSearch" '
19061906
. 'value="' . __('Create bookmark') . '" />';
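
Review bot: The htmlspecialchars() call added on line 1903 covers only the searchName text input, while the option list of the select that closes on line 1901 is built above this hunk and is not shown here; if saved search names are rendered there as well, confirm they get the same escaping in _getSavedSearchesField(). The call relies on the default flags, which is adequate for this double-quoted value attribute because the double quote is escaped by default, but passing the flags explicitly would keep that true if the quoting style of the attribute ever changes. The commit message says what is escaped but not why; a line noting that the name is user-supplied and was written into HTML unescaped, plus a regression test using a name containing `"` and `<`, would make the fix easier to audit and backport.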
