From 55b5e3b600cf345f8f697ffa67ea702a171c37cc Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Sat, 16 Sep 2023 10:19:54 +0200
Subject: [PATCH] Fix XSS in accounts editor

---
 admin/pages/accounts.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/admin/pages/accounts.php b/admin/pages/accounts.php
index f3022e9c..95490a1b 100644
--- a/admin/pages/accounts.php
+++ b/admin/pages/accounts.php
@@ -583,7 +583,7 @@ else if (isset($_REQUEST['search'])) {
 						<form action="<?php echo $admin_base; ?>" method="post">
 							<label for="name">Account Name:</label>
 							<div class="input-group input-group-sm">
-								<input type="text" class="form-control" name="search" value="<?php echo $search_account; ?>" maxlength="32" size="32">
+								<input type="text" class="form-control" id="search" name="search" value="<?= escapeHtml($search_account); ?>" maxlength="32" size="32">
 								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 							</div>
 						</form>