$NetBSD: patch-aw,v 1.3 2020/09/07 10:34:52 mef Exp $ Set &html_escape for the safety
--- ldap-useradmin/search_group.cgi.orig 2011-04-27 00:19:01.000000000 +0200
+++ ldap-useradmin/search_group.cgi 2011-06-15 23:37:06.000000000 +0200
@@ -24,8 +24,8 @@ elsif ($in{'match'} == 3) {
 $rv = $ldap->search(base => $base,
 filter => "(&".&group_filter().$search.")");
 if ($rv->code) {
- &error(&text('search_err', "$search",
- "$base", $rv->error));
+ &error(&text('search_err', "" . &html_escape($search) . "",
+ "" . &html_escape($base) . "", $rv->error));
 }
 @groups = $rv->all_entries;
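Review bot: On the second added line, `$rv->error` is still passed to `&text('search_err', ...)` unescaped, while the two arguments beside it are now wrapped in `&html_escape`. The error text comes from the LDAP layer and may repeat parts of the submitted filter or base, so it should get the same treatment: replace `$rv->error` with `&html_escape($rv->error)`. Separately, the context lines concatenate `$search` into the filter given to `$ldap->search`. Where `$search` is built is outside this hunk, but if it is assembled from `%in` values, as the `elsif ($in{'match'} == 3)` header line suggests, those values need LDAP filter escaping before the search. HTML escaping at output time does not cover that.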