Author: sevein
Date: Wed Nov 3 16:42:13 2010
New Revision: 8772
Log:
Use htmlentities() to prevent XSS from query request attribute.
Modified:
trunk/apps/qubit/modules/search/templates/indexSuccess.php
Modified: trunk/apps/qubit/modules/search/templates/indexSuccess.php
==============================================================================
--- trunk/apps/qubit/modules/search/templates/indexSuccess.php Wed Nov 3
16:35:16 2010 (r8771)
+++ trunk/apps/qubit/modules/search/templates/indexSuccess.php Wed Nov 3
16:42:13 2010 (r8772)
@@ -1,7 +1,7 @@
<?php use_helper('Text') ?>
<?php if ($sf_request->query): ?>
- <h1><?php echo __('Search for [%1%]', array('%1%' => $sf_request->query))
?></h1>
+ <h1><?php echo __('Search for [%1%]', array('%1%' =>
htmlentities($sf_request->query))) ?></h1>
<?php endif; ?>
<?php if (isset($error)): ?>
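Review bot: The added `htmlentities($sf_request->query)` call in the `<h1>` passes neither flags nor a charset, so its output depends on the running PHP version's defaults. On PHP releases before 5.4 the default charset is ISO-8859-1, which would turn multibyte UTF-8 search terms into wrong entities, and the default `ENT_COMPAT` leaves single quotes unescaped if this value is ever reused in an attribute. I would write `htmlspecialchars($sf_request->query, ENT_QUOTES, 'UTF-8')` instead, assuming the page is served as UTF-8, which the hunk does not show. The template continues beyond this hunk, so it is worth confirming that `$sf_request->query` is not echoed unescaped elsewhere in it, for example in the search box value or in pager links.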