Fix: filter the query parameters...


Proof of vulnerability:

jsp?%20moreHitsFromSite=&category=&similarTo=&similarType=find&breadcrumb=&old_query=&keywords=&sortBy1=&findInResult=&filter=&sortOrder1=&sortOrder2=&collapseField=&scopeSearchField=&queryLanguage=zh&numHits=10&offset=0&query=<iframe%20src=http://www.wooyun.org%20height=500></iframe>
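
One way to apply the fix above to a search endpoint like this one, as an added example that is not part of the original report: validate the fixed-shape parameters, then HTML-encode the free-text `query` value at the point where it is written back into the page. It is written in Python rather than the JSP of the affected page, and the parameter rules, limits and function names are assumptions.

```python
import html
import re
from urllib.parse import parse_qs

# Abbreviated query string from the proof-of-concept URL on this page (no host or path).
POC_QS = ("similarType=find&queryLanguage=zh&numHits=10&offset=0"
          "&query=<iframe%20src=http://www.wooyun.org%20height=500></iframe>")

# Assumed rules: parameters with a fixed shape are validated strictly;
# any parameter not listed here is dropped rather than echoed.
INT_PARAMS = {"numHits": (1, 100, 10), "offset": (0, 10_000, 0)}  # min, max, default
TOKEN_PARAMS = {"queryLanguage": re.compile(r"[a-z]{2}"),
                "similarType": re.compile(r"[a-z]{1,16}")}
MAX_QUERY_LEN = 200


def clean_params(query_string):
    """Return validated parameters; the search term stays raw for the search backend."""
    raw = {k: v[0] for k, v in parse_qs(query_string, keep_blank_values=True).items()}
    out = {}
    for name, (lo, hi, default) in INT_PARAMS.items():
        value = raw.get(name, "")
        # Only plain ASCII digits are accepted; anything else falls back to the default.
        out[name] = min(max(int(value), lo), hi) if re.fullmatch(r"[0-9]{1,6}", value) else default
    for name, pattern in TOKEN_PARAMS.items():
        value = raw.get(name, "")
        if pattern.fullmatch(value):
            out[name] = value
    out["query"] = raw.get("query", "")[:MAX_QUERY_LEN]
    return out


def render_results_header(params):
    """Build the HTML fragment that reflects the search term back to the user."""
    # Encode at output time, for the HTML context the value lands in.
    shown = html.escape(params["query"], quote=True)
    first = params["offset"] + 1
    last = params["offset"] + params["numHits"]
    return "<p>Results {}-{} for: <b>{}</b></p>".format(first, last, shown)


if __name__ == "__main__":
    print(render_results_header(clean_params(POC_QS)))
```

With the encoding applied, the `query` value from the proof of concept is displayed as text instead of being parsed as an `<iframe>` element.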