kinland / cse403-wi11-wikimap

Automatically exported from code.google.com/p/cse403-wi11-wikimap

Passing vulnerable search term using PHP GET #110

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Go to Wikimap
2. Type this: "<script>alert('can put script in here!');</script>

Or go to:
http://iprojsrv.cs.washington.edu/wikiSearch.php?s="<script>alert('can put script in here!');</script>

What is the expected output? What do you see instead?

There's a security issue here where we can add script to the search field. 
Entering the term above will pop up a message.
It should use PHP htmlspecialchars to protect this from happening.

What version of the product are you using? On what operating system?

Firefox 3.6.4, Windows 7

Original issue reported on code.google.com by pth...@gmail.com on 1 Mar 2011 at 2:58

GoogleCodeExporter commented 8 years ago
Accepting and assigning bug for final milestone.

Original comment by holycrap...@gmail.com on 1 Mar 2011 at 7:34

GoogleCodeExporter commented 8 years ago
Reassigning to myself because I found this was a relatively easy fix. It's been 
committed and I tested it locally.

Original comment by holycrap...@gmail.com on 1 Mar 2011 at 8:50
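
The encoding the report asks for, as an added example that is not the project's code or its committed fix: a hypothetical search page writes the `s` parameter into an attribute value and into body text, first raw and then through `htmlspecialchars`. The function names and the markup are assumptions; only the parameter name and the search term come from the report.

```php
<?php
// Added example: hypothetical stand-in for a search page such as wikiSearch.php.
// Function names and markup are assumptions, not the project's code.

// Vulnerable: the raw "s" value is echoed into an attribute and into text.
function render_search_unsafe(string $term): string
{
    return '<input type="text" name="s" value="' . $term . '">' . "\n"
         . '<p>Results for: ' . $term . '</p>';
}

// Encode for HTML output. ENT_QUOTES encodes both " and ', so the value
// cannot close the attribute it sits in; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: every place the term reaches the page goes through h().
function render_search_safe(string $term): string
{
    return '<input type="text" name="s" value="' . h($term) . '">' . "\n"
         . '<p>Results for: ' . h($term) . '</p>';
}

// Read the parameter defensively: ?s[]=x arrives as an array, not a string.
function search_term(array $query): string
{
    $s = $query['s'] ?? '';
    return is_string($s) ? $s : '';
}

// Constructed request carrying the search term from the report.
$query = ['s' => "\"<script>alert('can put script in here!');</script>"];
$term  = search_term($query);

$unsafe = render_search_unsafe($term);
$safe   = render_search_safe($term);

// The unsafe markup contains a real <script> element; the safe markup
// contains only the encoded text, which the browser displays literally.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') === false);
echo $safe, "\n";
```

In a real page the term would come from `$_GET` via `search_term($_GET)`, and the same `h()` call applies wherever the term is written back into HTML.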