track escaping change in upstream template

This is not belived to be XSS exploitable due to other checks in ikiwiki. Thanks Olly Betts for review.
2011-09-27 10:45:21 -04:00 · 2011-09-27 10:45:21 -04:00 · 6321a75e0c
parent 027455f155
commit 6321a75e0c
2 changed files with 8 additions and 1 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,10 @@
+ikiwiki (3.20110906) UNRELEASED; urgency=low
+
+  * searchquery.tmpl: Track escaping change in upstream template.
+    Thanks Olly Betts for review.
+
+ -- Joey Hess <joeyh@debian.org>  Tue, 27 Sep 2011 10:47:13 -0400
+
 ikiwiki (3.20110905) unstable; urgency=low

  * mercurial: Openid nicknames are now used when committing. (Daniel Andersson)
--- a/templates/searchquery.tmpl
+++ b/templates/searchquery.tmpl
@ -70,7 +70,7 @@ $if{$field{language},Language: <b>$html{$field{language}}</b><br>}
 $if{$field{size},<span title="$html{$field{size}} bytes">Size: <b>$html{$filesize{$field{size}}}</b></span><br>}
 </div>
 </td>
-<td><B><A HREF="$field{url}">$html{$or{$field{caption},$field{title},$field{url},Untitled}}</A></B><BR>
+<td><B><A HREF="$html{$field{url}}">$html{$or{$field{caption},$field{title},$field{url},Untitled}}</A></B><BR>
 <small>$highlight{$field{sample},$terms}$if{$field{sample},...}</small><br>
 <small>
 $percentage% relevant$. matching: