From: Joey Hess <joey@kitenet.net>
Date: Tue, 27 Sep 2011 14:45:21 +0000 (-0400)
Subject: track escaping change in upstream template
X-Git-Url: http://git.tremily.us/?p=ikiwiki.git;a=commitdiff_plain;h=6321a75e0ce6591d4071fc022ce418be9698e941;ds=sidebyside

track escaping change in upstream template

This is not belived to be XSS exploitable due to other checks in ikiwiki.

Thanks Olly Betts for review.
---

diff --git a/debian/changelog b/debian/changelog
index 34f0ac8ee..d852c6b61 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ikiwiki (3.20110906) UNRELEASED; urgency=low
+
+  * searchquery.tmpl: Track escaping change in upstream template.
+    Thanks Olly Betts for review.
+
+ -- Joey Hess <joeyh@debian.org>  Tue, 27 Sep 2011 10:47:13 -0400
+
 ikiwiki (3.20110905) unstable; urgency=low
 
   * mercurial: Openid nicknames are now used when committing. (Daniel Andersson)
diff --git a/templates/searchquery.tmpl b/templates/searchquery.tmpl
index 5b9fbbf7f..15bc78e28 100644
--- a/templates/searchquery.tmpl
+++ b/templates/searchquery.tmpl
@@ -70,7 +70,7 @@ $if{$field{language},Language: <b>$html{$field{language}}</b><br>}
 $if{$field{size},<span title="$html{$field{size}} bytes">Size: <b>$html{$filesize{$field{size}}}</b></span><br>}
 </div>
 </td>
-<td><B><A HREF="$field{url}">$html{$or{$field{caption},$field{title},$field{url},Untitled}}</A></B><BR>
+<td><B><A HREF="$html{$field{url}}">$html{$or{$field{caption},$field{title},$field{url},Untitled}}</A></B><BR>
 <small>$highlight{$field{sample},$terms}$if{$field{sample},...}</small><br>
 <small>
 $percentage% relevant$. matching: