# HG changeset patch
# User bsw
# Date 1268618659 -3600
# Node ID aaba4d28dd535286e951fbcb3bf3959260999756
# Parent 58beb12bc024ba5d58ac4e6c16ee574f06970245
Added missing HTML encoding for page titles (security fix!)

diff -r 58beb12bc024 -r aaba4d28dd53 app/main/index/search.lua
--- a/app/main/index/search.lua Mon Mar 08 22:59:41 2010 +0100
+++ b/app/main/index/search.lua Mon Mar 15 03:04:19 2010 +0100
@@ -1,7 +1,7 @@
 local search_for = param.get("search_for", atom.string) or "global"
 local search_string = param.get("search", atom.string)
-slot.put_into("title", _("Search results for: '#{search}'", { search = search_string }))
+slot.put_into("title", encode.html(_("Search results for: '#{search}'", { search = search_string })))
 if search_for == "global" or search_for == "member" then
diff -r 58beb12bc024 -r aaba4d28dd53 app/main/member/history.lua
--- a/app/main/member/history.lua Mon Mar 08 22:59:41 2010 +0100
+++ b/app/main/member/history.lua Mon Mar 15 03:04:19 2010 +0100
@@ -1,6 +1,6 @@
 local member = Member:by_id(param.get_id())
-slot.put_into("title", _("Member name history for '#{name}'", { name = member.name }))
+slot.put_into("title", encode.html(_("Member name history for '#{name}'", { name = member.name })))
 slot.select("actions", function()
 ui.link{
diff -r 58beb12bc024 -r aaba4d28dd53 config/default.lua
--- a/config/default.lua Mon Mar 08 22:59:41 2010 +0100
+++ b/config/default.lua Mon Mar 15 03:04:19 2010 +0100
@@ -1,5 +1,5 @@
 config.app_name = "LiquidFeedback"
-config.app_version = "beta13"
+config.app_version = "beta14"
 config.app_title = config.app_name .. " (" .. request.get_config_name() .. " environment)"
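Review bot: The escaping in app/main/index/search.lua, and likewise in app/main/member/history.lua, is applied at the call site, so it only protects the "title" slot while every writer remembers to do it. The slot evidently takes raw HTML, so any other `slot.put_into("title", …)` that interpolates request or member data (none are visible in this patch) would remain exposed. A small helper that always encodes would make this harder to forget, or at minimum add a comment above both calls such as `-- "title" slot is emitted as raw HTML: encode every interpolated value`. Calling `encode.html` on the result of `_()` after interpolation is the right order, since it covers both the user-supplied value and the translated template.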
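Review bot: In app/main/member/history.lua the new title line reads `member.name` without checking what `Member:by_id(param.get_id())` returned. If that lookup yields nil for an unknown or missing id (its behaviour is not visible here), the request fails with a runtime error on attacker-chosen input instead of a controlled not-found response. An explicit guard before the title line, for example `if not member then error("unknown member id") end`, would make the failure deliberate. The rest of the file continues outside the hunk, so an existing check further down cannot be ruled out.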