- <input type="hidden" name="where" value="${data.where}">
- <input type="hidden" name="order" value="${data.order}">
+ <input type="hidden" name="where" value="${encodeHTML(data.where)}">
+ <input type="hidden" name="order" value="${encodeHTML(data.order)}">
+ <input type="hidden" name="query_text" value="${encodeHTML(data.query_text)}">
+ <input type="hidden" name="query_field" value="${encodeHTML(data.query_field)}">
+ <input type="hidden" name="query_is_pubished" value="${data.query_is_pubished}">
+ <input type="hidden" name="query_media_folder" value="${data.query_media_folder}">