From: Jan Schneider <jan@horde.org>
Date: Wed, 6 Jan 2016 11:46:35 +0100
Subject: [jan] SECURITY: Fix XSS vulnerability in menu bar exposed by
 only a few applications (Bug #14213).


(Adapted from upstream ab07a1b447de34e13983b4d7ceb18b58c3a358d8)

diff --git a/horde-5.2.1/templates/topbar/_menubar.html.php b/horde-5.2.1/templates/topbar/_menubar.html.php
index acb416c..df75623 100644
--- a/horde-5.2.1/templates/topbar/_menubar.html.php
+++ b/horde-5.2.1/templates/topbar/_menubar.html.php
@@ -23,7 +23,7 @@
         <input autocomplete="off" id="horde-search-input" type="text" />
       </div>
 <?php else: ?>
-      <input type="text" id="horde-search-input" name="searchfield" class="formGhost" title="<?php echo $this->searchLabel ?>" />
+      <input type="text" id="horde-search-input" name="searchfield" class="formGhost" title="<?php echo $this->h($this->searchLabel) ?>" />
 <?php endif ?>
       <input type="image" id="horde-search-icon" src="<?php echo $this->searchIcon ?>" />
     </form>