SECISSUE fix #1583 검색 단어를 담은 is_keyword에 대한 escape

layouts/default/layout.html

@@ -22,7 +22,7 @@ <h1>
 				<input type="hidden" name="vid" value="{$vid}" />
 				<input type="hidden" name="mid" value="{$mid}" />
 				<input type="hidden" name="act" value="IS" />
-				<input type="text" name="is_keyword" value="{$is_keyword}" required placeholder="{$lang->cmd_search}" title="{$lang->cmd_search}" />
+				<input type="text" name="is_keyword" value="{htmlspecialchars($is_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" required placeholder="{$lang->cmd_search}" title="{$lang->cmd_search}" />
 				<input type="submit" value="{$lang->cmd_search}" />
 			</form>
 			<!-- /SEARCH -->

layouts/user_layout/layout.html

@@ -6,7 +6,7 @@ <h1>Site Logo</h1>
 			<input type="hidden" name="vid" value="{$vid}" />
 			<input type="hidden" name="mid" value="{$mid}" />
 			<input type="hidden" name="act" value="IS" />
-			<input type="text" name="is_keyword" value="{$is_keyword}" title="{$lang->cmd_search}" />
+			<input type="text" name="is_keyword" value="{htmlspecialchars($is_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" title="{$lang->cmd_search}" />
 			<input type="submit" value="{$lang->cmd_search}" />
 		</form>
 		<hr />

layouts/xedition/layout.html

@@ -170,7 +170,7 @@
 					<input type="hidden" name="vid" value="{$vid}" />
 					<input type="hidden" name="mid" value="{$mid}" />
 					<input type="hidden" name="act" value="IS" />
-					<input type="text" name="is_keyword" value="{$is_keyword}" required="required" title="{$lang->cmd_search}" placeholder="Search" />
+					<input type="text" name="is_keyword" value="{htmlspecialchars($is_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" required="required" title="{$lang->cmd_search}" placeholder="Search" />
 				</form>
 				<!-- /SEARCH -->
 				<a href="#" class="btn_close" title="{$lang->cmd_xedition_search_close}" onclick="return false"><i class="xi-close"></i><span class="blind">{$lang->cmd_xedition_search_close}</span></a>