From 708414e1b57d1b39b1e3038434b75e63af89fdb4 Mon Sep 17 00:00:00 2001 From: g4mm4-VCF <280880076+g4mm4-VCF@users.noreply.github.com> Date: Sat, 16 May 2026 11:48:00 +0700 Subject: [PATCH] Escape issue summary in search response The search response embeds raw HTML in a JSON 'data' field that the plugin's client-side JS injects into the DOM via $.fn.after() on bug_report_page.php. Pass the summary through string_display_line(), the standard MantisBT helper for HTML-safe single-line output, so any HTML characters in stored summaries are rendered as text instead of parsed as markup. Also defensively cast the bug id to int. --- SearchRelatedIssue/pages/search.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SearchRelatedIssue/pages/search.php b/SearchRelatedIssue/pages/search.php index c49fc52..47ae58f 100644 --- a/SearchRelatedIssue/pages/search.php +++ b/SearchRelatedIssue/pages/search.php @@ -48,7 +48,7 @@ foreach( $t_rows as $t_issue ) { $t_response['data'] .= '
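Review bot: at the `$t_response['data'] .= '` concatenation inside `foreach( $t_rows as $t_issue )`, the response remains an HTML string that the client inserts with `$.fn.after()`, so the fix protects only the values handled on the one changed line (the summary and the bug id, per the commit message). Please confirm that every other value appended to `$t_response['data']` in this loop is escaped or cast as well, and consider returning the id and summary as separate JSON fields so the client can build the row from text nodes instead of parsing markup. The diffstat shows a single changed line in `SearchRelatedIssue/pages/search.php` and no test; a regression case that stores a summary containing HTML characters and checks that it comes back as text would keep this from reappearing.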