Escape search input

Jamie Cameron
2023-08-15 21:13:53 -07:00
parent 38aa06b8c6
commit 9ae54e61bd


@ -29,7 +29,7 @@ if (@match == 1) {
&ui_print_header(undef, $text{'search_title'}, "", "search"); &ui_print_header(undef, $text{'search_title'}, "", "search");
if (@match) { if (@match) {
@match = sort { lc($a->{'name'}) cmp lc($b->{'name'}) } @match; @match = sort { lc($a->{'name'}) cmp lc($b->{'name'}) } @match;
print "<b>",&text('search_match', "<tt>$s</tt>"),"</b><br>\n"; print "<b>",&text('search_match', "<tt>".&html_escape($s)."</tt>"),"</b><br>\n";
print &ui_form_start("delete_packs.cgi", "post"); print &ui_form_start("delete_packs.cgi", "post");
print &ui_hidden("search", $in{'search'}),"\n"; print &ui_hidden("search", $in{'search'}),"\n";
@ -43,8 +43,8 @@ if (@match) {
$text{'search_desc'} ], 100, 0, \@tds); $text{'search_desc'} ], 100, 0, \@tds);
foreach $i (@match) { foreach $i (@match) {
local @cols; local @cols;
push(@cols, "<a href=\"edit_pack.cgi?search=$s&package=". push(@cols, "<a href=\"edit_pack.cgi?search=".&urlize($s).
&urlize($i->{'name'})."\">$i->{'name'}</a>"); "&package=".&urlize($i->{'name'})."\">$i->{'name'}</a>");
$c = $i->{'class'}; $c = $i->{'class'};
push(@cols, $i->{'class'} || $text{'search_none'}); push(@cols, $i->{'class'} || $text{'search_none'});
push(@cols, $i->{'desc'}); push(@cols, $i->{'desc'});
@ -62,7 +62,7 @@ if (@match) {
print &ui_form_end(); print &ui_form_end();
} }
else { else {
print "<b>",&text('search_nomatch', "<tt>$s</tt>"),"</b>\n"; print "<b>",&text('search_nomatch', "<tt>".&html_escape($s)."</tt>"),"</b>\n";
} }
&ui_print_footer("", $text{'index_return'}); &ui_print_footer("", $text{'index_return'});
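Review bot: In the second hunk the new code URL-encodes `$i->{'name'}` inside the href but still interpolates it raw as the link text, and the unchanged `push(@cols, $i->{'desc'})` a few lines below drops the description into the same table cell unescaped, so the `&html_escape` treatment this commit gives `$s` stops short of the other values that reach the page. Package names and descriptions come from the package database rather than the request, so the exposure is presumably lower than for `$s`, but the same wrapper is cheap and keeps the output consistent: `"&package=".&urlize($i->{'name'})."\">".&html_escape($i->{'name'})."</a>");` and `push(@cols, &html_escape($i->{'desc'}));`. `$s` itself is assigned outside these hunks, and the `&ui_hidden("search", $in{'search'})` call in the first hunk relies on that helper escaping attribute values, which cannot be confirmed from here. The `foreach $i (@match)` loop opened in the second hunk closes outside it.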