From 6bee39204b737591214ca9f1f12949dfeeac34c6 Mon Sep 17 00:00:00 2001
From: Thomas Lange <code@nerdmind.de>
Date: Thu, 26 Aug 2021 20:42:05 +0200
Subject: Don't use wrapper function "escapeHTML" internally

Don't use the template function "escapeHTML" internally and replace all
occurrences outside of the template files with "htmlspecialchars".
---
 core/include/search/main.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'core/include/search/main.php')

diff --git a/core/include/search/main.php b/core/include/search/main.php
index 9e7c0a7..de7be9a 100644
--- a/core/include/search/main.php
+++ b/core/include/search/main.php
@@ -29,7 +29,7 @@ if($search = HTTP::GET('q')) {
 
 	try {
 		if (!$posts = $PostRepository->search($search, $filter, $site_size, $offset)) {
-			$message = $Language->text('search_no_results', escapeHTML($search));
+			$message = $Language->text('search_no_results', htmlspecialchars($search));
 		}
 	} catch(PDOException $Exception) {
 		$message = $Exception->getMessage();
@@ -84,7 +84,7 @@ if(!empty($posts)) {
 	$MainTemplate = Template\Factory::build('main');
 	$MainTemplate->set('HTML', $ResultTemplate);
 	$MainTemplate->set('HEAD', [
-		'NAME' => $Language->text('title_search_results', escapeHTML($search)),
+		'NAME' => $Language->text('title_search_results', htmlspecialchars($search)),
 		'PERM' => Application::getURL('search/')
 	]);
 }
-- 
cgit v1.2.3