Commit Graph

3 Commits

Author SHA1 Message Date
Daniel Veillard
cf739b3568 better patch for the XSS search issue
Since the query string could be output when displaying the results too
2015-07-03 21:04:24 +08:00
Daniel Veillard
d51876bc8e Avoid XSS vulnerability on the search engine
Raised by https://www.xssposed.org/incidents/69566/
Need to escape the user provided query before displaying it back
2015-07-03 20:47:08 +08:00
Martin Kletzander
2818359075 docs: autogenerate search.php
This patch makes search.php autogenerated from search.php.in, thus
removing hardcoded menus, footer etc. and the search.php is added to
.gitignore.

There is new rule added for *.php files (to make it bit less
hardcoded) that takes *.php.code.in and injects it inside the
generated *.php (xslt was not happy about php code in the source xml).
2012-08-10 10:58:38 +02:00