# HG changeset patch
# User Dan
# Date 1186945012 14400
# Node ID 9d29f7e101d69b74ce805ceadb1c025f62af9ebb
# Parent fea81844b9a5967a8de0841fbb215531d832ab3c
Fixed yet another minor XSS hole, this time in search results
diff -r fea81844b9a5 -r 9d29f7e101d6 plugins/SpecialSearch.php
--- a/plugins/SpecialSearch.php Sun Aug 12 13:33:04 2007 -0400
+++ b/plugins/SpecialSearch.php Sun Aug 12 14:56:52 2007 -0400
@@ -396,7 +396,7 @@
 $regex = '/(' . implode('|', $words2) . ')/i';
 $pt = preg_replace($regex, '\\1', $pt);
- $title = preg_replace($regex, '\\1', $paths->pages[$page]['name']);
+ $title = preg_replace($regex, '\\1', htmlspecialchars($paths->pages[$page]['name']));
 $cut_off = false;
diff -r fea81844b9a5 -r 9d29f7e101d6 upgrade.sql
--- a/upgrade.sql Sun Aug 12 13:33:04 2007 -0400
+++ b/upgrade.sql Sun Aug 12 14:56:52 2007 -0400
@@ -9,6 +9,7 @@
 CREATE TABLE {{TABLE_PREFIX}}page_group_members( pg_member_id int(12) NOT NULL auto_increment, pg_id mediumint(8) NOT NULL, page_id varchar(63) NOT NULL, namespace varchar(63) NOT NULL DEFAULT 'Article', PRIMARY KEY ( pg_member_id ) ) CHARACTER SET `utf8` COLLATE `utf8_bin`;
 CREATE TABLE {{TABLE_PREFIX}}tags( tag_id int(12) NOT NULL auto_increment, tag_name varchar(63) NOT NULL DEFAULT 'bla', page_id varchar(255) NOT NULL, namespace varchar(255) NOT NULL, user mediumint(8) NOT NULL DEFAULT 1, PRIMARY KEY ( tag_id ) ) CHARACTER SET `utf8` COLLATE `utf8_bin`;
 UPDATE {{TABLE_PREFIX}}acl SET rules=CONCAT(rules,'tag_create=4;tag_delete_own=4;tag_delete_other=4;') WHERE target_type=1 AND target_id=2;
+DELETE FROM {{TABLE_PREFIX}}search_cache;
 ---END 1.0---
 ---BEGIN 1.0RC3---
 ALTER TABLE {{TABLE_PREFIX}}users ADD COLUMN user_coppa tinyint(1) NOT NULL DEFAULT 0;
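Review bot: Escaping the page name before the highlight `preg_replace` runs lets `$regex` match inside the entities that `htmlspecialchars()` has just produced on the new `$title` line. A search term such as `amp`, `quot`, `lt` or `gt` would then get the highlight wrapper inserted into the middle of `&amp;` or `&quot;`, which breaks the entity in the rendered result. A more robust order is to split the raw name on `$regex`, escape each piece separately, and wrap only the matched pieces. The enclosing block starts and ends outside the hunk, so it is not visible whether `$words2` goes through `preg_quote()` or whether `$pt` on the line above is already escaped; both are worth confirming. A short comment such as `// escape the page name before it is placed in the results HTML` would also keep the call from being simplified away later.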
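Review bot: The added `DELETE FROM {{TABLE_PREFIX}}search_cache;` has no `WHERE` clause, and nothing in the file says that emptying the whole table is intended or why. Presumably it purges cached results that were rendered before the SpecialSearch.php escaping fix and may still hold unescaped page titles; if the upgrade parser accepts comments, a line such as `-- purge cached search results rendered before the title-escaping fix` would record that. The statement also sits inside the section that ends at `---END 1.0---`. If that section is skipped on some upgrade paths (the section semantics are not visible here), those installs would keep serving stale cache entries after the PHP fix is deployed. It is worth confirming that the cache is invalidated on every path, or invalidating it from the code as well.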