From 7469d147878314a7a121c32f05e043a9ef6d0850 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@prodromou.name>
Date: Wed, 9 Jul 2008 18:59:42 -0400
Subject: [PATCH] specialchars() text in search results

darcs-hash:20080709225942-84dde-80c201825f566af717456f13d17e7382ce234692.gz
---
 actions/peoplesearch.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/actions/peoplesearch.php b/actions/peoplesearch.php
index 045d99e39a..5d10140173 100644
--- a/actions/peoplesearch.php
+++ b/actions/peoplesearch.php
@@ -158,7 +158,7 @@ class PeoplesearchAction extends Action {
 
 	function highlight($text, $terms) {
 		$pattern = '/('.implode('|',array_map('htmlspecialchars', $terms)).')/i';
-		$result = preg_replace($pattern, '<strong>\\1</strong>', $text);
+		$result = preg_replace($pattern, '<strong>\\1</strong>', htmlspecialchars($text));
 		return $result;
 	}
 }