#896 XSS injection on the portal (any search form)

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@3093 a333f486-631f-4898-b8df-5754b55c2be0

application/portalwebpage.class.inc.php

@@ -510,7 +510,8 @@ EOF
 				if (is_null($aAllowedValues))
 				{
 					// Any value is possible, display an input box
-					$this->add("<label>".MetaModel::GetFilterLabel($sClass, $sAttSpec).":</label>&nbsp;<input class=\"textSearch\" name=\"$sPrefix$sFieldName\" value=\"$sFilterValue\"/>\n");
+					$sSanitizedValue = htmlentities($sFilterValue, ENT_QUOTES, 'UTF-8');
+					$this->add("<label>".MetaModel::GetFilterLabel($sClass, $sAttSpec).":</label>&nbsp;<input class=\"textSearch\" name=\"$sPrefix$sFieldName\" value=\"$sSanitizedValue\"/>\n");
 				}
 				else
 				{