From 3cf659e0dce1c55711ddde73ea0dfea73abd6020 Mon Sep 17 00:00:00 2001
From: Ignacio Nelson <info@subwaydesign.com.ar>
Date: Fri, 14 Jan 2022 10:31:28 -0300
Subject: [PATCH] Fixed XSS vulnerability on search forms

---
 includes/functions.forms.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/functions.forms.php b/includes/functions.forms.php
index 3718051f..da5ca5b8 100644
--- a/includes/functions.forms.php
+++ b/includes/functions.forms.php
@@ -38,7 +38,7 @@ function form_add_existing_parameters( $ignore = array() )
 				unset( $_GET[$param] );
 			}
 			if ( !is_array( $value ) && !in_array( $param, $ignore ) ) {
-				echo '<input type="hidden" name="' . $param . '" value="' . encode_html($value) . '">';
+				echo '<input type="hidden" name="' . htmlentities($param) . '" value="' . html_output($value) . '">';
 			}
 		}
 	}