Fix double-escaping in searchtext_escaped
Brought to you by:
ajlittoz
Using the general search to search for files containing "foo" (with the double-quotes) leads to &quot;foo&quot; in the result page. This is due to double-escaping in the search script, in the line that calculates searchtext_escaped:
first " is replaced with &quot; and then & is replaced with &amp;...
This is a bug.
For the record: invalid order of transformations to avoid XSS attacks. Ampersands should be transformed first into an HTML entity, before transforming other "dangerous" characters. Otherwise, the initial & in the HTML entity name gets transformed into &amp;, preventing LXR from recovering the intended character.
The line for _searchtext has the correct order.
As a precaution, the same protection against ampersand is transferred into ident.
Ticket moved from /p/lxr/patches/46/
Fixed in 2.0.2
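The ordering problem described in this ticket, as an added Perl example that is not LXR's own code: the function names and sample strings are hypothetical, and the handling of < and > is an assumption about what the other "dangerous" characters are. It escapes each constructed search string in both orders, decodes once as a browser would, and checks that only the ampersand-first order gives back the original text.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Order reported in the ticket: quotes and angle brackets first, ampersand last.
# The '&' that starts each freshly written entity is escaped a second time.
sub escape_wrong_order {
    my ($s) = @_;
    $s =~ s/"/&quot;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/&/&amp;/g;
    return $s;
}

# Corrected order: ampersand first, so only ampersands from the input are touched.
sub escape_right_order {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    return $s;
}

# What a browser does when rendering text: decode each entity once.
# '&amp;' is decoded last so its output is not decoded again.
sub browser_decode {
    my ($s) = @_;
    $s =~ s/&quot;/"/g;
    $s =~ s/&lt;/</g;
    $s =~ s/&gt;/>/g;
    $s =~ s/&amp;/&/g;
    return $s;
}

# Constructed search strings, including one that already looks like an entity.
my @samples = ('"foo"', 'a && b', '<script>', 'x &quot; y');

for my $in (@samples) {
    my $bad  = browser_decode(escape_wrong_order($in));
    my $good = browser_decode(escape_right_order($in));
    printf "%-12s wrong order shows: %-22s right order shows: %s\n", $in, $bad, $good;
    die "round trip failed for $in\n" unless $good eq $in;
}
```

Both orders still neutralise the markup characters, so the wrong order is a display bug and not an XSS hole; the safety property that matters is that each value is escaped exactly once on its way into the page.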