Adding htmlentities for prevent XSS remove this after task #2768 is done

15 years ago · 6a2aa8fb83
parent d8b49f3511
commit 6a2aa8fb83
2 changed files with 2 additions and 2 deletions
--- a/main/inc/lib/usermanager.lib.php
+++ b/main/inc/lib/usermanager.lib.php
@ -2806,7 +2806,7 @@ class UserManager
 			<div id="search_label">
 					<b>'.get_lang('Search').'</b > ('.get_lang('UsersGroups').')
 			<div>
-				<input type="text" size="30" value="'.Security::remove_XSS($query).'" name="q"/> &nbsp;
+				<input type="text" size="30" value="'.api_htmlentities(Security::remove_XSS($query)).'" name="q"/> &nbsp;
 				<button class="search" type="submit" value="search">'.get_lang('Search').'</button>
 			</div>
 		</td>
--- a/main/template/default/auth/courses_categories.php
+++ b/main/template/default/auth/courses_categories.php
@ -46,7 +46,7 @@ $stok = Security::get_token();
            <form class="course_list" method="post" action="<?php echo api_get_self(); ?>?action=subscribe&hidden_links=<?php echo $hidden_links; ?>">
                <input type="hidden" name="sec_token" value="<?php echo $stok; ?>">
                <input type="hidden" name="search_course" value="1" />
-                <input type="text" size="12" name="search_term" value="<?php echo (empty($_POST['search_term']) ? '' : Security::remove_XSS($_POST['search_term'])); ?>" />
+                <input type="text" size="12" name="search_term" value="<?php echo (empty($_POST['search_term']) ? '' : api_htmlentities(Security::remove_XSS($_POST['search_term']))); ?>" />
                &nbsp;<button class="search" type="submit"><?php echo get_lang('_search'); ?></button>
            </form>