$NetBSD: patch-az,v 1.4 2020/09/07 10:34:52 mef Exp $

Set &html_escape for the safety

--- mailboxes/search_form.cgi.orig	2012-06-29 22:31:51.000000000 +0000
+++ mailboxes/search_form.cgi
@@ -13,9 +13,9 @@ require './mailboxes-lib.pl';
 
 # Start of form
 print &ui_form_start("mail_search.cgi");
-print &ui_hidden("user", $in{'user'});
-print &ui_hidden("dom", $in{'dom'});
-print &ui_hidden("ofolder", $in{'folder'});
+print &ui_hidden("user", &html_escape($in{'user'}));
+print &ui_hidden("dom", &html_escape($in{'user'}));
+print &ui_hidden("ofolder", &html_escape($in{'folder'}));
 print &ui_table_start($text{'sform_header'}, "width=100%", 2);
 
 # And/or mode
@@ -54,7 +54,7 @@ print &ui_table_row($text{'sform_folder2
 print &ui_table_end();
 print &ui_form_end([ [ undef, $text{'sform_ok'} ] ]);
 
-&ui_print_footer("list_mail.cgi?folder=$in{'folder'}&user=".
-		  &urlize($in{'user'})."&dom=$in{'dom'}", $text{'mail_return'},
+&ui_print_footer("list_mail.cgi?folder=" . &urlize($in{'folder'}) . "&user=".
+		  &urlize($in{'user'})."&dom=".&urlize($in{'dom'}), $text{'mail_return'},
 		 &user_list_link(), $text{'index_return'});