$NetBSD: patch-af,v 1.1 2008/07/13 11:15:27 tonnerre Exp $

--- log.php.orig	2004-08-26 14:47:30.000000000 +0200
+++ log.php
@@ -98,9 +98,9 @@ else
    $ppath = $path;
 
 $vars["action"] = $lang["LOG"];
-$vars["repname"] = $rep->name;
+$vars["repname"] = htmlentities($rep->name, ENT_QUOTES, 'UTF-8');
 $vars["rev"] = $rev;
-$vars["path"] = $ppath;
+$vars["path"] = htmlentities($ppath, ENT_QUOTES, 'UTF-8');
 
 createDirLinks($rep, $ppath, $passrev, $showchanged);
 
@@ -278,7 +278,8 @@ if ($pages > 1)
 $url = $config->getURL($rep, $path, "log");
 $vars["logsearch_form"] = "<form action=\"$url\" method=\"post\" name=\"logsearchform\">";
 
-$vars["logsearch_inputbox"] = "<input name=\"search\" value=\"$search\">";
+$vars["logsearch_inputbox"] = "<input name=\"search\" value=\"" .
+	htmlentities($search, ENT_QUOTES, 'UTF-8') . "\">";
 
 $vars["logsearch_submit"] = "<input type=\"submit\" value=\"${lang["GO"]}\">";
 $vars["logsearch_endform"] = "<input type=\"hidden\" name=\"logsearch\" value=\"1\">".
