From 7077786cb3117b8318f48cfb7b3c87ad13e492f4 Mon Sep 17 00:00:00 2001
From: ZeroPath
Date: Thu, 15 Jan 2026 20:56:08 +0000
Subject: [PATCH] Sanitize reflected 'asdf' parameter in search.php to prevent reflected XSS
---
 search.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/search.php b/search.php
index 22f5334c1c..6b7bb6078f 100644
--- a/search.php
+++ b/search.php
@@ -11,7 +11,7 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
 include_once(PHPWG_ROOT_PATH.'include/functions_search.inc.php');
-echo $_GET['asdf'];
+echo htmlspecialchars($_GET['asdf'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
 // +-----------------------------------------------------------------------+
 // | Check Access and exit when user status is not ok |
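Review bot: The escaped echo still reads `$_GET['asdf']` without checking that the key exists and holds a string, so a request without the parameter raises an undefined-key warning, and on PHP 8 an array-valued parameter makes htmlspecialchars() throw a TypeError whose message can expose file paths when errors are displayed. The statement also runs before the "Check Access" block shown in the trailing context and before any template output, and the parameter name suggests leftover debug code, so deleting the line is probably the cleaner fix; confirm that nothing depends on it. If it has to stay, guard it: `if (isset($_GET['asdf']) && is_string($_GET['asdf'])) { echo htmlspecialchars($_GET['asdf'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }`. The chosen flags and explicit charset are appropriate for HTML text and quoted-attribute contexts; the rest of the script lies outside this hunk.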