Commit c17ea82a authored by Till Brehm's avatar Till Brehm

Fixed #4894 XSS vulnerability in global search

parent 79d6be9a
......@@ -189,6 +189,7 @@ function _search($module, $section, $additional_sql = '', $params = ''){
$sql = "SELECT * FROM ?? WHERE ".$where_clause.$authsql.$order_clause." LIMIT 0,10";
$results = $app->db->queryAllRecords($sql, $db_table);
$results = $app->functions->htmlentities($results);
if(is_array($results) && !empty($results)){
$lng_file = '../'.$module.'/lib/lang/'.$_SESSION['s']['language'].'_'.$section.'.lng';
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment