From eefdabb714f26192f585083ef96c8413e459a1d1 Mon Sep 17 00:00:00 2001
From: ritt
Date: Mon, 9 Dec 2019 16:28:16 +0100
Subject: [PATCH] Apply HTML escaping to "loc" command
---
 src/elogd.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/elogd.c b/src/elogd.c
index 4d992607..21ee48e3 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -27130,8 +27130,10 @@ void interprete(char *lbook, char *path)
 /* check for localization command */
 if (stricmp(command, "loc") == 0) {
 show_http_header(NULL, FALSE, NULL);
- if (isparam("value") && *getparam("value"))
- rsputs(loc(getparam("value")));
+ if (isparam("value") && *getparam("value")) {
+ strencode2(str, getparam("value"), sizeof(str));
+ rsputs(loc(str));
+ }
 /* dummy strings for JS-only translations */
 s = loc("Drop attachments here...");
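Review bot: The request value is escaped before the lookup, so `loc(str)` receives the encoded key rather than the string the client asked for; any source string containing `&`, `<`, `>` or quotes will presumably stop matching its translation entry, and whatever loc() returns on a match is still written by `rsputs` unencoded. Encoding at the output boundary keeps the lookup intact and covers both the translated and the untranslated case: `strencode2(str, loc(getparam("value")), sizeof(str));` followed by `rsputs(str);` — confirm first that no translation entry relies on raw markup. `str` is declared outside this hunk, so its size is not visible here; because encoding lengthens the text, a long `value` may be truncated, possibly mid-entity, which deserves a short comment at the call. The body of interprete() starts and ends outside the hunk.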