Escape saved search name
Signed-off-by: Michal Čihař <michal@cihar.com>
nijel committed Jun 22, 2016
1 parent d95a4a2 commit 36df83a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion libraries/DbQbe.php
Expand Up @@ -1900,7 +1900,7 @@ private function _getSavedSearchesField()
}
$html_output .= '</select>';
$html_output .= '<input type="text" name="searchName" id="searchName" '
. 'value="' . $currentSearchName . '" />';
. 'value="' . htmlspecialchars($currentSearchName) . '" />';
$html_output .= '<input type="hidden" name="action" id="action" value="" />';
$html_output .= '<input type="submit" name="saveSearch" id="saveSearch" '
. 'value="' . __('Create bookmark') . '" />';
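Review bot: The `htmlspecialchars($currentSearchName)` call in the `searchName` input relies on the function's default flags, which is enough here only because the `value` attribute is double-quoted; on PHP versions whose default does not convert single quotes, a later switch to single-quoted attributes would reopen the hole, so consider passing `ENT_QUOTES` explicitly. The commit touches only `libraries/DbQbe.php`, so there is no regression test: a test for `_getSavedSearchesField()` with a saved search name containing `"` and `<` would pin the behaviour. The `<option>` markup built before `$html_output .= '</select>';` lies outside this hunk and is worth checking for the same unescaped use of saved search names.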
