Quote search strings.

This commit is contained in:
Michael R Sweet 2008-03-05 03:49:17 +00:00
parent b04207f224
commit 2b270e9072
2 changed files with 8 additions and 3 deletions

View File

@ -327,9 +327,11 @@ switch ($op)
html_link("Submit Article", "$PHP_SELF?N$options");
html_end_links();
$htmlsearch = htmlspecialchars($search, ENT_QUOTES);
print("<form method='POST' action='$PHP_SELF'><p align='center'>"
."Search&nbsp;Words: &nbsp;<input type='text' size='60' "
."name='SEARCH' value='$search'>"
."name='SEARCH' value='$htmlsearch'>"
."<input type='submit' value='Search Articles'></p></form>\n");
$query = "";

View File

@ -575,8 +575,11 @@ switch ($op)
html_link("Submit Bug or Feature Request", "$PHP_SELF?N$options'");
html_end_links();
$htmlsearch = htmlspecialchars($search, ENT_QUOTES);
print("<form method='POST' action='$PHP_SELF'><p align='center'>"
."Search&nbsp;Words: &nbsp;<input type='text' size='60' name='SEARCH' value='$search'>"
."Search&nbsp;Words: &nbsp;<input type='text' size='60' "
."name='SEARCH' value='$htmlsearch'>"
."<input type='submit' value='Search STRs'></p>\n");
print("<p align='center'>Priority:&nbsp;<select name='FPRIORITY'>");
@ -764,7 +767,7 @@ switch ($op)
if (($priority || $status || $scope) && $search != "")
print("<p><a href='$PHP_SELF?L+S0+Q" . urlencode($search)
."'>Search for \"<i>$search</i>\" in all STRs</a></p>\n");
."'>Search for \"<i>$htmlsearch</i>\" in all STRs</a></p>\n");
html_footer();
exit();