correctly quote display name in html search result

author Sarah Hoffmann <lonvia@denofr.de>

Tue, 3 Feb 2015 22:12:21 +0000 (23:12 +0100)

committer Sarah Hoffmann <lonvia@denofr.de>

Tue, 3 Feb 2015 22:12:21 +0000 (23:12 +0100)
author Sarah Hoffmann <lonvia@denofr.de>
Tue, 3 Feb 2015 22:12:21 +0000 (23:12 +0100)
committer Sarah Hoffmann <lonvia@denofr.de>
Tue, 3 Feb 2015 22:12:21 +0000 (23:12 +0100)
diff --git a/lib/template/search-html.php b/lib/template/search-html.php

index 02c8cb4d0ed228e7ee3bf680ec4b675394c65bf8..7da79ad82a07180d0fe57d6ad8d6abd674c8fff5 100644 (file)
--- a/lib/template/search-html.php
+++ b/lib/template/search-html.php
@@ -199,7 +199,7 @@ target="_blank">FAQ</a></td>
                 }
  
                 echo (isset($aResult['icon'])?'<img alt="icon" src="'.$aResult['icon'].'"/>':'');
-               echo ' <span class="name">'.$aResult['name'].'</span>';
+               echo ' <span class="name">'.htmlspecialchars($aResult['name']).'</span>';
                 echo ' <span class="latlon">'.round($aResult['lat'],3).','.round($aResult['lon'],3).'</span>';
                 echo ' <span class="place_id">'.$aResult['place_id'].'</span>';
                 if (isset($aResult['label']))
author	Sarah Hoffmann <lonvia@denofr.de>
	Tue, 3 Feb 2015 22:12:21 +0000 (23:12 +0100)
committer	Sarah Hoffmann <lonvia@denofr.de>
	Tue, 3 Feb 2015 22:12:21 +0000 (23:12 +0100)