$NetBSD: patch-ap,v 1.2 2012/11/02 19:02:51 shattered Exp $

--- webminlog/search.cgi.orig	2011-04-27 00:18:53.000000000 +0200
+++ webminlog/search.cgi	2011-06-15 23:34:38.000000000 +0200
@@ -147,7 +147,8 @@ elsif (@match) {
 	# Show search results in table
 	if ($in{'sid'}) {
 		print "<b>",&text('search_sid', "<tt>$match[0]->{'user'}</tt>",
-				  "<tt>$in{'sid'}</tt>")," ..</b><p>\n";
+                                 "<tt>" . &html_escape($in{'sid'}) . "</tt>"),
+                                 " ..</b><p>\n";
 		}
 	elsif ($in{'uall'} == 1 && $in{'mall'} && $in{'tall'}) {
 		print "<b>$text{'search_critall'} ..</b><p>\n";