Closes #1105: Value on input/pulldown view now escaped.

author marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>

Mon, 6 Jul 2009 16:52:10 +0000 (16:52 +0000)

committer marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>

Mon, 6 Jul 2009 16:52:10 +0000 (16:52 +0000)
author marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
Mon, 6 Jul 2009 16:52:10 +0000 (16:52 +0000)
committer marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
Mon, 6 Jul 2009 16:52:10 +0000 (16:52 +0000)
diff --git a/views/default/input/pulldown.php b/views/default/input/pulldown.php

index fb7619048ed277c19bb09d3c19b0e0a9bff785b3..fe53865f85cb95cf9ba93b3c1e4ee77712009a3a 100644 (file)
--- a/views/default/input/pulldown.php
+++ b/views/default/input/pulldown.php
@@ -32,9 +32,9 @@
         {
                 foreach($vars['options_values'] as $value => $option) {
                 if ($value != $vars['value']) {
-                   echo "<option value=\"$value\">". htmlentities($option, ENT_QUOTES, 'UTF-8') ."</option>";
+                   echo "<option value=\"".htmlentities($value, ENT_QUOTES, 'UTF-8')."\">". htmlentities($option, ENT_QUOTES, 'UTF-8') ."</option>";
                 } else {
-                   echo "<option value=\"$value\" selected=\"selected\">". htmlentities($option, ENT_QUOTES, 'UTF-8') ."</option>";
+                   echo "<option value=\"".htmlentities($value, ENT_QUOTES, 'UTF-8')."\" selected=\"selected\">". htmlentities($option, ENT_QUOTES, 'UTF-8') ."</option>";
                 }
             }
         }
author	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Mon, 6 Jul 2009 16:52:10 +0000 (16:52 +0000)
committer	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Mon, 6 Jul 2009 16:52:10 +0000 (16:52 +0000)