*  Fixed the XSS via the "p" GET parameter.