From bc939071cf26b9ea744829df290b26951a14f33d Mon Sep 17 00:00:00 2001
From: Stanley Lieber
Date: Fri, 20 Sep 2024 20:17:26 -0400
Subject: [PATCH] apps/wman/search.tpl: we already filter user input. avoid xss by printing filtered user input instead of unfiltered user input on error.
---
 apps/wman/search.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/wman/search.tpl b/apps/wman/search.tpl
index a6c59e4..ed57743 100755
--- a/apps/wman/search.tpl
+++ b/apps/wman/search.tpl
@@ -6,7 +6,7 @@
 % if(! ~ $"post_arg_wman_search '') {
 % if(~ $"wman_search_results '') {
- No matches found for '%($post_arg_wman_search%)'.
+ No matches found for '%($s%)'.
 % }
 % if not {
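Review bot: The safety of the new `%($s%)` output rests entirely on how `$s` is filtered, and that assignment is outside this hunk, so nothing at the output site tells a reader which characters can still reach the HTML. A one-line rc comment above the message, such as `% # $s is the filtered copy of post_arg_wman_search; the filter must strip <, >, & and quotes`, would record that contract; if the filter was written for the search command rather than for HTML, escaping at output time would be the safer choice. The enclosing guard still tests `$"post_arg_wman_search`, so a query that filters down to nothing presumably prints `''`; testing `$"s` there would keep the check and the output consistent. Both `if` blocks continue past the end of the hunk, so any other place that echoes the raw POST value is not visible here and is worth checking.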