Escapes input attribute values with htmlspecialchars and removes default empty value...

author Evan Winslow <evan.b.winslow@gmail.com>

Fri, 16 Jul 2010 20:28:02 +0000 (20:28 +0000)

committer Evan Winslow <evan.b.winslow@gmail.com>

Fri, 16 Jul 2010 20:28:02 +0000 (20:28 +0000)
author Evan Winslow <evan.b.winslow@gmail.com>
Fri, 16 Jul 2010 20:28:02 +0000 (20:28 +0000)
committer Evan Winslow <evan.b.winslow@gmail.com>
Fri, 16 Jul 2010 20:28:02 +0000 (20:28 +0000)
diff --git a/views/default/input/default.php b/views/default/input/default.php

index 050e3b765667b3c240edce7390c6609488d9f6ea..0577b34e54e1c92b4391892584f4650d60ab37c4 100644 (file)
--- a/views/default/input/default.php
+++ b/views/default/input/default.php
@@ -45,7 +45,6 @@ if (isset($vars['js'])) {
  // default attributes\r
  $defaults = array(\r
         'type' => 'text',\r
-       'value' => '',\r
  );\r
  \r
  $attributes = array_merge($defaults, $vars);\r
@@ -58,6 +57,7 @@ foreach ($attributes as $attr => $val) {
         if ($val === TRUE) {\r
                 $element[] = $attr;\r
         } elseif ($val !== FALSE) {\r
+               $val = htmlspecialchars($val);\r
                 $element[] = "$attr=\"$val\"";\r
         }\r
  }\r
author	Evan Winslow <evan.b.winslow@gmail.com>
	Fri, 16 Jul 2010 20:28:02 +0000 (20:28 +0000)
committer	Evan Winslow <evan.b.winslow@gmail.com>
	Fri, 16 Jul 2010 20:28:02 +0000 (20:28 +0000)