Bug 3652: Fixes XSS vulnerabilities and XTHML errors in opac-search-history.tmpl

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>

diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-search-history.tmpl b/koha-tmpl/opac-tmpl/prog/en/modules/opac-search-history.tmpl
index 657ad14..f129925 100644 (file)
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-search-history.tmpl
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-search-history.tmpl
@@ -46,7 +46,7 @@
                    <!-- TMPL_LOOP NAME="recentSearches" -->
                    <tr>
                        <td><!-- TMPL_VAR NAME="time" --></td>
-                       <td><a href="/cgi-bin/koha/opac-search.pl?<!-- TMPL_VAR NAME="query_cgi"  -->"><!-- TMPL_VAR NAME="query_desc" ESCAPE="html" --></a></td>
+                       <td><a href="/cgi-bin/koha/opac-search.pl?<!-- TMPL_VAR NAME="query_cgi" ESCAPE="html" -->"><!-- TMPL_VAR NAME="query_desc" ESCAPE="html" --></a></td>
                        <td><!-- TMPL_VAR NAME="total" --></td>
                    </tr>
                    <!-- /TMPL_LOOP -->
@@ -64,7 +64,7 @@
                    <!-- TMPL_LOOP NAME="previousSearches" -->
                    <tr>
                        <td><!-- TMPL_VAR NAME="time" --></td>
-                       <td><a href="/cgi-bin/koha/opac-search.pl?<!-- TMPL_VAR NAME="query_cgi"  -->"><!-- TMPL_VAR NAME="query_desc" --></a></td>
+                       <td><a href="/cgi-bin/koha/opac-search.pl?<!-- TMPL_VAR NAME="query_cgi" ESCAPE="html" -->"><!-- TMPL_VAR NAME="query_desc" ESCAPE="html" --></a></td>
                        <td><!-- TMPL_VAR NAME="total" --></td>
                    </tr>
                    <!-- /TMPL_LOOP -->