OF-1165 fixed Stored Cross-Site Scripting vulnerability

src/plugins/search/changelog.html

@@ -44,6 +44,11 @@
 Search Plugin Changelog
 </h1>
 
+<p><b>1.7.1</b> -- July 24, 2016</p>
+<ul>
+    <li>[<a href='https://issues.igniterealtime.org/browse/OF-1165'>OF-1165</a>] - Fixed Stored Cross-Site Scripting vulnerability.</li>
+</ul>
+
 <p><b>1.7.0</b> -- October 12, 2015</p>
 <ul>
     <li>[<a href='http://www.igniterealtime.org/issues/browse/OF-953'>OF-953</a>] - Updated JSP libraries.</li>

src/plugins/search/plugin.xml

@@ -5,8 +5,8 @@
     <name>Search</name>
     <description>Provides support for Jabber Search (XEP-0055)</description>
     <author>Ryan Graham</author>
-    <version>1.7.0</version>
-    <date>10/12/2015</date>
+    <version>1.7.1</version>
+    <date>07/24/2016</date>
     <minServerVersion>4.0.0</minServerVersion>
     
     <adminconsole>

src/plugins/search/src/web/advance-user-search.jsp

@@ -164,7 +164,7 @@
            <a href="../../user-properties.jsp?username=<%= URLEncoder.encode(user.getUsername(), "UTF-8") %>"><%= JID.unescapeNode(user.getUsername()) %></a>
        </td>
        <td width="33">
-           <%= user.getName() %> &nbsp;
+           <%= StringUtils.escapeHTMLTags(user.getName()) %> &nbsp;
        </td>
        <td width="15%">
            <%= JiveGlobals.formatDate(user.getCreationDate()) %> &nbsp;