fixed XSS security in integration search

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@9839 201d5d3c-b55e-5fd7-737f-ddc643e51545
2026-05-04 01:23:32 +09:00 · 2011-11-17 08:32:55 +00:00 · 2011-11-17 08:32:55 +00:00 · 0dbd9091b0
commit 0dbd9091b0
parent 75d660bf1a
6 changed files with 36 additions and 24 deletions
--- a/modules/integration_search/skins/default/document.html
+++ b/modules/integration_search/skins/default/document.html
@ -37,17 +37,17 @@

    <!--@if($where == 'document' && $output->page_navigation)-->
        <div class="pagination a1">
-            <a href="{getUrl('page','')}" class="prevEnd">{$lang->first_page}</a> 
+            <a href="{getAutoEncodedUrl('page','')}" class="prevEnd">{$lang->first_page}</a> 
            <!--@while($page_no = $output->page_navigation->getNextPage())-->
                <!--@if($page == $page_no)-->
                    <strong>{$page_no}</strong> 
                <!--@else-->
-                    <a href="{getUrl('page',$page_no)}">{$page_no}</a>
+                    <a href="{getAutoEncodedUrl('page',$page_no)}">{$page_no}</a>
                <!--@end-->
            <!--@end-->
-            <a href="{getUrl('page',$output->page_navigation->last_page)}" <!--@if(!$last_division)-->class="nextEnd"<!--@end-->>{$lang->last_page}</a>
+            <a href="{getAutoEncodedUrl('page',$output->page_navigation->last_page)}" <!--@if(!$last_division)-->class="nextEnd"<!--@end-->>{$lang->last_page}</a>
            <!--@if($last_division)-->
-            <a href="{getUrl('page',1,'document_srl','','search_target',$search_target,'is_keyword',$is_keyword,'division',$last_division,'last_division','')}" class="nextEnd">{$lang->cmd_search_next}</a>
+            <a href="{getAutoEncodedUrl('page',1,'document_srl','','search_target',$search_target,'is_keyword',$is_keyword,'division',$last_division,'last_division','')}" class="nextEnd">{$lang->cmd_search_next}</a>
            <!--@end-->
        </div>
    <!--@end-->