From 5f9a392fc4ead71c6d154927ad8a3f26f29fe6d5 Mon Sep 17 00:00:00 2001
From: Michael Vogel
Date: Fri, 23 Sep 2016 06:36:48 +0000
Subject: [PATCH] At the search we should do it as well.
---
 include/text.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/text.php b/include/text.php
index 3aec42b323..2276f6688d 100644
--- a/include/text.php
+++ b/include/text.php
@@ -988,7 +988,7 @@ function search($s,$id='search-box',$url='search',$save = false, $aside = true)
 $a = get_app();
 $values = array(
- '$s' => $s,
+ '$s' => htmlspecialchars($s),
 '$id' => $id,
 '$action_url' => $url,
 '$search_label' => t('Search'),
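Review bot: The added `htmlspecialchars($s)` call on the `'$s'` entry relies on the default flags, which on PHP releases before 8.1 leave single quotes unescaped, so the value is only safe if the template emits it as element content or inside a double-quoted attribute. Passing the flags and charset explicitly, `'$s' => htmlspecialchars($s, ENT_QUOTES, 'UTF-8'),`, makes the escaping independent of the PHP version and of how the template quotes the search box value. The neighbouring `'$id'` and `'$action_url'` entries are still passed through raw; the hunk does not show where callers obtain them, so it is worth confirming they never carry request data. The body of search() starts and ends outside this hunk, so the template that consumes `$values` is not visible here.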