- $term = htmlspecialchars( $term );

+	$term = urlencode( $term );

($terms is used in a URL, and hence should be url-encoded rather than html-encoded)

diff --git a/includes/AjaxFunctions.php b/includes/AjaxFunctions.php
index 248cbec..600cd57 100644 (file)
--- a/includes/AjaxFunctions.php
+++ b/includes/AjaxFunctions.php
@@ -108,7 +108,7 @@ function wfSajaxSearch( $term ) {
        $subtitlemsg = ( Title::newFromText($term) ? 'searchsubtitle' : 'searchsubtitleinvalid' );
        $subtitle = $wgOut->parse( wfMsg( $subtitlemsg, wfEscapeWikiText($term) ) ); #FIXME: parser is missing mTitle !
 
-       $term = htmlspecialchars( $term );
+       $term = urlencode( $term );
        $html = '<div style="float:right; border:solid 1px black;background:gainsboro;padding:2px;"><a onclick="Searching_Hide_Results();">'
                . wfMsg( 'hideresults' ) . '</a></div>'
                . '<h1 class="firstHeading">'.wfMsg('search')