From eba61bb84a3ab376a94883e0cbe72ac04034aec3 Mon Sep 17 00:00:00 2001
From: automactic <christopherliqd@gmail.com>
Date: Fri, 1 Aug 2014 05:09:34 +0800
Subject: [PATCH 1/2] Initial Commit


From 7d30941068a0290f08688e6cf3a0b69e84ae56ea Mon Sep 17 00:00:00 2001
From: Kelson42 <kelson42@user.sourceforge.net>
Date: Thu, 8 Jan 2015 12:51:42 +0100
Subject: [PATCH 2/2] FIXED: kiwix-serve XSS attack	vulnerability (#763)

---
 src/server/kiwix-serve.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/server/kiwix-serve.cpp b/src/server/kiwix-serve.cpp
index 98ed95a..87f5792 100644
--- a/src/server/kiwix-serve.cpp
+++ b/src/server/kiwix-serve.cpp
@@ -293,7 +293,7 @@ static int accessHandlerCallback(void *cls,
       }
       pthread_mutex_unlock(&searcherLock);
     } else {
-      content = "<!DOCTYPE html>\n<html><head><meta content=\"text/html;charset=UTF-8\" http-equiv=\"content-type\" /><title>Fulltext search unavailable</title></head><body><h1>Not Found</h1><p>There is no article with the title <b>\"" + patternString + "\"</b> and the fulltext search engine is not available for this content.</p></body></html>";
+      content = "<!DOCTYPE html>\n<html><head><meta content=\"text/html;charset=UTF-8\" http-equiv=\"content-type\" /><title>Fulltext search unavailable</title></head><body><h1>Nott Found</h1><p>There is no article with the title <b>\"" + kiwix::encodeDiples(patternString) + "\"</b> and the fulltext search engine is not available for this content.</p></body></html>";
       httpResponseCode = MHD_HTTP_NOT_FOUND;
     }