From 198b73ddd11c722e199cb3008fa07751be66c488 Mon Sep 17 00:00:00 2001
From: Michael Gapczynski <GapczynskiM@gmail.com>
Date: Sun, 13 May 2012 15:57:10 -0400
Subject: [PATCH] Sanitize search queries, thanks to Lukas Reschke

---
 core/templates/layout.user.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php
index b832ac2636..e9d105ed04 100644
--- a/core/templates/layout.user.php
+++ b/core/templates/layout.user.php
@@ -30,7 +30,7 @@
 		<header><div id="header">
 			<a href="<?php echo link_to('', 'index.php'); ?>" title="" id="owncloud"><img class="svg" src="<?php echo image_path('', 'logo-wide.svg'); ?>" alt="ownCloud" /></a>
 			<form class="searchbox" action="#" method="post">
-				<input id="searchbox" class="svg" type="search" name="query" value="<?php if(isset($_POST['query'])){echo $_POST['query'];};?>" autocomplete="off" />
+				<input id="searchbox" class="svg" type="search" name="query" value="<?php if(isset($_POST['query'])){echo htmlentities($_POST['query']);};?>" autocomplete="off" />
 			</form>
 			<a id="logout" href="<?php echo link_to('', 'index.php'); ?>?logout=true"><img class="svg" alt="<?php echo $l->t('Log out');?>" title="<?php echo $l->t('Log out');?>" src="<?php echo image_path('', 'actions/logout.svg'); ?>" /></a>
 		</div></header>
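Review bot: The added `htmlentities($_POST['query'])` on the new line 19 relies on the function's default flags and charset, which are version-dependent (ENT_COMPAT and, before PHP 5.4, ISO-8859-1), so the escaping is not pinned to the UTF-8 double-quoted attribute context it is protecting. Passing the flags and charset explicitly removes that dependency: `value="<?php if(isset($_POST['query'])){echo htmlspecialchars($_POST['query'], ENT_QUOTES, 'UTF-8');};?>"`. Using ENT_QUOTES also keeps the output safe if the attribute is ever switched to single quotes, and `htmlspecialchars` is sufficient here since only the HTML-significant characters need escaping, not every named entity. The surrounding template continues outside the hunk, so other echoes of request data in this file are not covered by this review.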
-- 
GitLab