```php
<div id="breadcrumbs_and_title">
    <?php $search_term = get_query_var('s'); // raw, unescaped query string ?>
    <h1><?php echo __('Results for Search Term: ', 'carzine'); ?>"
    <?php echo $search_term; // echoed into the page without escaping ?>"</h1>
</div>
</div>
```

    should be

    
                    <div id="breadcrumbs_and_title">
                        <h1><?php echo __('Results for Search Term: ', 'carzine'); ?>"
                            <?php echo get_search_query(); ?>"
                        </h1>
                    </div>`
    

    To sanitize the user input (search query).

    I uploaded the theme with slight adjustments on my GitHub, feel free to review and merge the other changes into your version: https://github.com/maltris/carzine
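The two template fragments above, rendered outside WordPress so the difference in output is visible. This is an added example and not the poster's code nor part of the Carzine theme; it assumes `$search_term` stands in for `get_query_var('s')` and that `esc_attr_stub()` behaves like WordPress's `esc_attr()`, which `get_search_query()` applies by default.

```php
<?php
// Added example (not from the forum thread or the Carzine theme).
// Stand-alone imitation of the two search.php fragments discussed above.

// Stand-in for WordPress esc_attr(): HTML-encode quotes and angle brackets.
function esc_attr_stub(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Original search.php: the raw query string is concatenated into the <h1>.
function render_title_unescaped(string $search_term): string
{
    return '<h1>Results for Search Term: "' . $search_term . '"</h1>';
}

// Fixed search.php: get_search_query() returns the escaped string, so the
// term can only ever appear as literal text inside the heading.
function render_title_escaped(string $search_term): string
{
    return '<h1>Results for Search Term: "' . esc_attr_stub($search_term) . '"</h1>';
}

// Constructed input: a term that closes the quote and carries markup.
$probe = '"><em>injected</em>';

echo "Unescaped: ", render_title_unescaped($probe), PHP_EOL;
echo "Escaped:   ", render_title_escaped($probe), PHP_EOL;
```

Running it shows the unescaped version emitting the term's markup as live HTML, while the escaped version turns `"`, `<` and `>` into entities so the browser displays the term verbatim. Because `esc_attr()` encodes both quotes and angle brackets, `get_search_query()` is safe in this text-node context as well as inside an attribute; `esc_html()` would be the context-matched choice for a text node, and either removes the reflected XSS.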

  • The topic ‘XSS injection on search.php’ is closed to new replies.