$NetBSD: patch-ac,v 1.5 2012/11/02 19:02:51 shattered Exp $ --- software/search.cgi.orig 2011-04-27 00:18:43.000000000 +0200 +++ software/search.cgi 2011-06-15 23:15:13.000000000 +0200 @@ -34,7 +34,7 @@ if (@match == 1 && $in{'goto'}) { if (@match) { @match = sort { lc($packages{$a,'name'}) cmp lc($packages{$b,'name'}) } @match; - print "",&text('search_match', "$s"),"

\n"; + print "",&text('search_match', "" . &html_escape($s) . ""),"

\n"; print &ui_form_start("delete_packs.cgi", "post"); print &ui_hidden("search", $in{'search'}); @tds = ( "width=5" ); @@ -49,7 +49,8 @@ if (@match) { local @cols; local $v = $packages{$i,'shortversion'} || $packages{$i,'version'}; - push(@cols, "".&html_escape( $packages{$i,'name'}.($v ? " $v" : "")).""); @@ -70,7 +71,7 @@ if (@match) { print &ui_form_end([ [ undef, $text{'search_delete'} ] ]); } else { - print "",&text('search_nomatch', "$s"),"

\n"; + print "",&text('search_nomatch', "" . &html_escape($s) . ""),"

\n"; } &ui_print_footer("", $text{'index_return'});