From 302d9796c47972c04f4cc2fc4417402eb2fb7444 Mon Sep 17 00:00:00 2001
From: "DM42.Net (Matt Dent)"
Date: Tue, 13 Nov 2018 22:59:36 -0500
Subject: [PATCH 1/2] Revert "Filter search box before display"

This reverts commit 35e66770be6ca93c9090cdab221e6c33a410a569.
---
 include/text.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/text.php b/include/text.php
index da18080dd..076c98407 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1075,7 +1075,7 @@ function micropro($contact, $redirect = false, $class = '', $mode = false) {
 function search($s,$id='search-box',$url='/search',$save = false) {
 return replace_macros(get_markup_template('searchbox.tpl'),array(
- '$s' => htmlspecialchars($s),
+ '$s' => $s,
 '$id' => $id,
 '$action_url' => z_root() . $url,
 '$search_label' => t('Search'),
From f1d168f781fc14e55b85b6e0a4e214d18f2ec969 Mon Sep 17 00:00:00 2001
From: "DM42.Net (Matt Dent)"
Date: Tue, 13 Nov 2018 23:06:00 -0500
Subject: [PATCH 2/2] Fix double escaping after xss fix

---
 Zotlabs/Module/Search.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php
index 272bbdac1..838f9d6b9 100644
--- a/Zotlabs/Module/Search.php
+++ b/Zotlabs/Module/Search.php
@@ -227,9 +227,9 @@ class Search extends \Zotlabs\Web\Controller {
 }
 if($tag)
- $o .= '
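Review bot: `'$s' => $s` in the include/text.php hunk hands the search string to searchbox.tpl unencoded, so after this revert search() is safe only if every caller has already HTML-encoded $s (or the template encodes it), and neither is visible or enforced here. search() looks like a shared helper, so encoding at this output site is the more robust place; if the revert is meant to stop double encoding, `'$s' => htmlspecialchars($s, ENT_COMPAT, 'UTF-8', false),` keeps the encoding while leaving already-encoded entities alone. Failing that, state the contract above the function, e.g. `// $s must already be HTML-encoded by the caller; it is inserted into the template as-is`. The array passed to replace_macros() continues past the end of the hunk.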

' . sprintf( t('Items tagged with: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '

'; + $o .= '

' . sprintf( t('Items tagged with: %s'),$search) . '

'; else - $o .= '

' . sprintf( t('Search results for: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '

'; + $o .= '

' . sprintf( t('Search results for: %s'),$search) . '

'; $o .= conversation($items,'search',$update,'client');
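Review bot: Both heading lines now concatenate `$search` into `$o` with no encoding at the point of output, so they are safe only while `$search` is HTML-encoded earlier in the controller, which the commit subject implies but this hunk does not show. A variable that silently carries encoded text is easy to break with a later edit, and if the same `$search` also feeds the query, its encoded form would presumably change what is matched. Consider keeping the raw term in `$search` and encoding once into a dedicated display variable, e.g. `$search_html = htmlspecialchars($search, ENT_COMPAT, 'UTF-8');`, then passing `$search_html` to both sprintf() calls. The enclosing method starts and ends outside the hunk.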