From 622d6fa9d1b965ca95ea5a68eac11e1d6cc100e8 Mon Sep 17 00:00:00 2001
From: Garvin Hicking <blog@garv.in>
Date: Sun, 22 Apr 2012 20:29:47 +0200
Subject: [PATCH] backend media

---
 docs/NEWS                            | 2 +-
 serendipity_admin_image_selector.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/NEWS b/docs/NEWS
index 2649e7b2..8c9379d2 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -73,7 +73,7 @@ Version 1.6.1 ()
 ------------------------------------------------------------------------
     
     * Improved escaping of backend plugin management for DB query
-      (Stefan Schurtz)
+      and media selector output (Stefan Schurtz)
 
     * Updated spamblock plugin to 1.78 & 1.79
       changed wordfilter to function to check with 'verify_once'
diff --git a/serendipity_admin_image_selector.php b/serendipity_admin_image_selector.php
index 14b81d09..2d8771e3 100644
--- a/serendipity_admin_image_selector.php
+++ b/serendipity_admin_image_selector.php
@@ -293,7 +293,7 @@ switch ($serendipity['GET']['step']) {
           isset($serendipity['GET']['page'])   ? $serendipity['GET']['page']   : 1,
           $serendipity['thumbPerPage2'],
           ($serendipity['showMediaToolbar'] ? true : false),
-          '?serendipity[step]=1' . $add_url . '&amp;serendipity[textarea]='. $serendipity['GET']['textarea'],
+          '?serendipity[step]=1' . $add_url . '&amp;serendipity[textarea]='. htmlspecialchars($serendipity['GET']['textarea']),
           true,
           null,
           false