$NetBSD$

--- ldap-useradmin/search_group.cgi.orig	2007-09-21 23:28:25.000000000 +0200
+++ ldap-useradmin/search_group.cgi
@@ -23,8 +23,8 @@ elsif ($in{'match'} == 3) {
 $rv = $ldap->search(base => $base,
 		    filter => "(&(objectClass=posixGroup)$search)");
 if ($rv->code) {
-	&error(&text('search_err', "<tt>$search</tt>",
-		     "<tt>$base</tt>", $rv->error));
+	&error(&text('search_err', "<tt>" . &html_escape($search) . "</tt>",
+		     "<tt>" . &html_escape($base) . "</tt>", $rv->error));
 	}
 @groups = $rv->all_entries;
 
