track escaping change in upstream template

This is not belived to be XSS exploitable due to other checks in ikiwiki.

Thanks Olly Betts for review.

diff --git a/debian/changelog b/debian/changelog
index 34f0ac8eedf4e9cbcce91a4bd59a2ed34456cfb6..d852c6b612f98523012303242cc96f88d0766770 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ikiwiki (3.20110906) UNRELEASED; urgency=low
+
+  * searchquery.tmpl: Track escaping change in upstream template.
+    Thanks Olly Betts for review.
+
+ -- Joey Hess <joeyh@debian.org>  Tue, 27 Sep 2011 10:47:13 -0400
+
 ikiwiki (3.20110905) unstable; urgency=low
 
   * mercurial: Openid nicknames are now used when committing. (Daniel Andersson)

diff --git a/templates/searchquery.tmpl b/templates/searchquery.tmpl
index 5b9fbbf7fa75b28e00a9939a79f7a53e1bde4958..15bc78e2844c9e8b648df0a75e0363b40d3d49dd 100644 (file)
--- a/templates/searchquery.tmpl
+++ b/templates/searchquery.tmpl
@@ -70,7 +70,7 @@ $if{$field{language},Language: <b>$html{$field{language}}</b><br>}
 $if{$field{size},<span title="$html{$field{size}} bytes">Size: <b>$html{$filesize{$field{size}}}</b></span><br>}
 </div>
 </td>
-<td><B><A HREF="$field{url}">$html{$or{$field{caption},$field{title},$field{url},Untitled}}</A></B><BR>
+<td><B><A HREF="$html{$field{url}}">$html{$or{$field{caption},$field{title},$field{url},Untitled}}</A></B><BR>
 <small>$highlight{$field{sample},$terms}$if{$field{sample},...}</small><br>
 <small>
 $percentage% relevant$. matching: