$NetBSD: patch-av,v 1.3 2020/09/07 10:34:52 mef Exp $
set &html_escape for the safety
--- ldap-useradmin/search_user.cgi.orig 2011-04-27 00:19:01.000000000 +0200
+++ ldap-useradmin/search_user.cgi 2011-06-15 23:36:01.000000000 +0200
@@ -24,8 +24,8 @@ elsif ($in{'match'} == 3) {
$rv = $ldap->search(base => $base,
filter => "(&".&user_filter().$search.")");
if ($rv->code) {
- &error(&text('search_err', "$search",
- "$base", $rv->error));
+ &error(&text('search_err', "" . &html_escape($search) . "",
+ "" . &html_escape($base) . "", $rv->error));
}
@users = $rv->all_entries;