XSS / Duplicate $base_url in layout.inc.php

[blinils]

Hello,

I found two issues in the pager( ) function of the layout.inc.php file. I wanted to fix them myself ("DIY!"), and make my first pull request on Github, but each time, I encountered problems when modifying and replacing the file.

• A XSS vulnerability on the "Search" module, because $base_url is not filtered, i.e. with htmlspecialchars.

• Each time the Next or Prev buttons are clicked, $base_url is duplicated (2x then 4x 8x etc.)

... which, when we keep clicking on the Next button, leads to a very very long URI.

[Nakiami]

That's very serious, thank you. Fixed in https://github.com/Nakiami/mellivora/commit/ee60d7ed3220be8cfadea496feacc9db0daa6725