From bf5eae1f9de5f8276fb1acfb1fb9c89d3b0db738 Mon Sep 17 00:00:00 2001
From: conradverm <conradverm@c91229c3-7414-0410-bfa2-8a42b809f60b>
Date: Fri, 20 Jul 2007 13:37:59 +0000
Subject: [PATCH] KTS-2178 "cross site scripting" Implemented.

---
 templates/ktcore/search/administration/savedsearches.smarty | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/ktcore/search/administration/savedsearches.smarty b/templates/ktcore/search/administration/savedsearches.smarty
index 4589fb4..f592d23 100644
--- a/templates/ktcore/search/administration/savedsearches.smarty
+++ b/templates/ktcore/search/administration/savedsearches.smarty
@@ -31,7 +31,7 @@ newsletters, etc.) based on a category or fieldset value.{/i18n}</p>
 <tbody>
 {foreach item=oSearch from=$saved_searches}
     <tr>
-        <td>{$oSearch->getName()}</td>
+        <td>{$oSearch->getName()|sanitize}</td>
 	{capture assign=iUserId}{$oSearch->getUserId()}{/capture}
 	<td>{if ($iUserId === '')}Global{else}{$context->_getUserName($iUserId)}{/if}</td>
         <td><a href="{addQS}action=edit&fSavedSearchId={$oSearch->getId()}{/addQS}" class="ktAction ktEdit">{i18n}Edit{/i18n}</a></td>
--
libgit2 0.21.4