From cc2a920203886d096431c3ceea32aad727689e00 Mon Sep 17 00:00:00 2001
From: garvinhicking <garvinhicking>
Date: Tue, 23 Aug 2005 09:52:32 +0000
Subject: [PATCH] better version

---
 .../serendipity_event_livesearch.php                            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/serendipity_event_livesearch/serendipity_event_livesearch.php b/plugins/serendipity_event_livesearch/serendipity_event_livesearch.php
index 0526c49..26df502 100644
--- a/plugins/serendipity_event_livesearch/serendipity_event_livesearch.php
+++ b/plugins/serendipity_event_livesearch/serendipity_event_livesearch.php
@@ -137,7 +137,7 @@ class serendipity_event_livesearch extends serendipity_event
                             break;
 
                         case 'ls':
-                            header('X-Search: ' . htmlspecialchars($_REQUEST['s']));
+                            header('X-Search: ' . preg_replace('@[^a-z0-9 \.\-_]@i', '', $_REQUEST['s']));
                             $res = serendipity_searchEntries($_REQUEST['s']);
 
                             echo '<?xml version="1.0" encoding="utf-8" ?>';
-- 
2.39.5