Timestamp:
Oct 7, 2013, 11:52:11 PM (11 years ago)
Author:
chronos
Message:
  • Fixed: SQL injection protection was not applied because of new dynamic URL handling.
  • Fixed: HTML entities encoding for search input string.
File:
1 edited

  • trunk/Modules/Dictionary/Dictionary.php

    r577 r586  
    213213       
    214214  $Output .= '<tr><td>
    215     <input type="text" value="'.$Search.'" name="search" size="30" />
     215    <input type="text" value="'.htmlentities($Search).'" name="search" size="30" />
    216216    <input type="submit" value="Vyhledat" />';
    217217  if($this->System->User->Licence(LICENCE_USER))
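Review bot: on new line 215, htmlentities($Search) is called without flags or a charset argument, so the result depends on the PHP version's defaults. On PHP before 5.4 the default charset is ISO-8859-1, which can corrupt multi-byte UTF-8 search terms (the form is Czech, see "Vyhledat"), and the default ENT_COMPAT flag leaves single quotes unencoded. The value attribute here is double-quoted, so the quote escaping is sufficient for this spot, but I would make the intent explicit with htmlspecialchars($Search, ENT_QUOTES, 'UTF-8'), assuming the page is served as UTF-8. The commit message also lists an SQL injection fix, but nothing in this hunk touches query handling, so that part cannot be reviewed from the lines shown.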