Fix XSS vulnerability

admin/pages/accounts.php

@@ -426,7 +426,7 @@ else if ($id > 0 && isset($account) && $account->isLoaded()) {
 		<div class="box-body">
 			<form action="<?php echo $base; ?>" method="post">
 				<div class="input-group input-group-sm">
-					<input type="text" class="form-control" name="search_name" value="<?php echo $search_account; ?>"
+					<input type="text" class="form-control" name="search_name" value="<?php echo escapeHtml($search_account); ?>"
 						   maxlength="32" size="32">
 					<span class="input-group-btn">
                           <button type="submit" type="button" class="btn btn-info btn-flat">Search</button>

admin/pages/players.php

@@ -784,7 +784,7 @@ else if ($id > 0 && isset($player) && $player->isLoaded())
 			<div class="box-body">
 				<form action="<?php echo $base; ?>" method="post">
 					<div class="input-group input-group-sm">
-						<input type="text" class="form-control" name="search_name" value="<?php echo $search_name; ?>"
+						<input type="text" class="form-control" name="search_name" value="<?php echo escapeHtml($search_name); ?>"
 							   maxlength="32" size="32">
 						<span class="input-group-btn">
                           <button type="submit" type="button" class="btn btn-info btn-flat">Search</button>

templates/tibiacom/index.php

@@ -21,7 +21,7 @@ if(isset($config['boxes']))
 		<?php
 			if(PAGE !== 'news') {
 				if(strpos(URI, 'subtopic=') !== false) {
-					$tmp = $_REQUEST['subtopic'];
+					$tmp = escapeHtml($_REQUEST['subtopic']);
 					if($tmp === 'accountmanagement') {
 						$tmp = 'accountmanage';
 					}