proteger HTTP_REFERER et var_recherche qui seront utilisee dans le surlignage JS (Rastapopoulos)

ecrire/inc/pipelines.php

@@ -96,6 +96,13 @@ function f_surligne($texte) {
 	}
 	include_spip('inc/surligne');
 
+	if (isset($_SERVER['HTTP_REFERER'])) {
+		$_SERVER['HTTP_REFERER'] = preg_replace(',[^\w\,/#&;-]+,', ' ', $_SERVER['HTTP_REFERER']);
+	}
+	if ($rech){
+		$rech = preg_replace(',[^\w\,/#&;-]+,', ' ', $rech);
+	}
+
 	return surligner_mots($texte, $rech);
 }