ref: bc939071cf26b9ea744829df290b26951a14f33d
parent: 1a0337f6847239a139be6ff097804425599439cd
author: Stanley Lieber <sl@stanleylieber.com>
date: Fri Sep 20 16:17:26 EDT 2024
apps/wman/search.tpl: we already filter user input. avoid xss by printing filtered user input instead of unfiltered user input on error.
--- a/apps/wman/search.tpl
+++ b/apps/wman/search.tpl
@@ -6,7 +6,7 @@
% if(! ~ $"post_arg_wman_search '') {
% if(~ $"wman_search_results '') {
- No matches found for <i>'%($post_arg_wman_search%)'</i>.
+ No matches found for <i>'%($s%)'</i>.
% }
% if not {
<ul>
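Review bot: Printing `$s` inside `<i>'…'</i>` is only safe if the filter that produces `$s` removes or encodes HTML metacharacters, and that filter is defined outside this hunk, so it cannot be confirmed from here. A filter written to make the term safe for the search command would not necessarily cover `<`, `>`, `&` and quotes, so it is worth checking that it does, or HTML-encoding the value at this output line as well. Because the safety of this line now depends on code elsewhere in the template, a comment above it would help, for example `% # $s is the filtered copy of post_arg_wman_search; it is printed into HTML below, so the filter must keep it free of markup characters`. The enclosing `if` block begins before the hunk and continues past it.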
--
⑨