[jan] SECURITY: Fix XSS vulnerability in menu bar exposed by only a f…

…ew applications (Bug #14213).
horde · Jan 6, 2016 · ab07a1b · ab07a1b
1 parent 4e064a9
commit ab07a1b
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 3 deletions.
diff --git a/horde/docs/CHANGES b/horde/docs/CHANGES
@@ -2,6 +2,8 @@
 v5.2.9-git
 ----------
 
+[jan] SECURITY: Fix XSS vulnerability in menu bar exposed by only a few
+      applications (Bug #14213).
 
 
 ------

diff --git a/horde/package.xml b/horde/package.xml
@@ -39,7 +39,7 @@
  </stability>
  <license uri="http://www.horde.org/licenses/lgpl">LGPL-2</license>
  <notes>
-* 
+* [jan] SECURITY: Fix XSS vulnerability in menu bar exposed by only a few applications (Bug #14213).
  </notes>
  <contents>
   <dir baseinstalldir="/" name="/">
@@ -4074,7 +4074,7 @@
    <date>2015-10-20</date>
    <license uri="http://www.horde.org/licenses/lgpl">LGPL-2</license>
    <notes>
-* 
+* [jan] SECURITY: Fix XSS vulnerability in menu bar exposed by only a few applications (Bug #14213).
    </notes>
   </release>
  </changelog>

diff --git a/horde/templates/topbar/_menubar.html.php b/horde/templates/topbar/_menubar.html.php
@@ -23,7 +23,7 @@
         <input autocomplete="off" id="horde-search-input" type="text" />
       </div>
 <?php else: ?>
-      <input type="text" id="horde-search-input" name="searchfield" class="formGhost" title="<?php echo $this->searchLabel ?>" />
+      <input type="text" id="horde-search-input" name="searchfield" class="formGhost" title="<?php echo $this->h($this->searchLabel) ?>" />
 <?php endif ?>
       <input type="image" id="horde-search-icon" src="<?php echo $this->searchIcon ?>" />
     </form>