OTCWebsite: escape notes query on ratingsfilter.

Thanks to mattjnc of bitsec.in for the heads-up.
nanotube · Aug 16, 2013 · 14d3d7d · 14d3d7d
1 parent d4af380
commit 14d3d7d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/OTCWebsite/ratingsfilter.php b/OTCWebsite/ratingsfilter.php
@@ -29,7 +29,7 @@
 <tr>
 <td style="text-align: left;">
 <form method="GET" action="ratingsfilter.php?">
-<label>Search notes: <input type="text" name="notes" value="<?php echo $notesfilter; ?>"/></label>
+<label>Search notes: <input type="text" name="notes" value="<?php echo htmlspecialchars($notesfilter); ?>"/></label>
 <input type="submit" value="Filter" />
 </form>
 </td>