better version

diff --git a/plugins/serendipity_event_livesearch/serendipity_event_livesearch.php b/plugins/serendipity_event_livesearch/serendipity_event_livesearch.php
index 0526c499f0d46d7572842f43a4c6d979a028f275..26df50226a026db571989cb2f26910ed96013b3f 100644 (file)
--- a/plugins/serendipity_event_livesearch/serendipity_event_livesearch.php
+++ b/plugins/serendipity_event_livesearch/serendipity_event_livesearch.php
@@ -137,7 +137,7 @@ class serendipity_event_livesearch extends serendipity_event
                             break;
 
                         case 'ls':
-                            header('X-Search: ' . htmlspecialchars($_REQUEST['s']));
+                            header('X-Search: ' . preg_replace('@[^a-z0-9 \.\-_]@i', '', $_REQUEST['s']));
                             $res = serendipity_searchEntries($_REQUEST['s']);
 
                             echo '<?xml version="1.0" encoding="utf-8" ?>';