From: Evan Winslow
Date: Fri, 16 Jul 2010 20:28:02 +0000 (+0000)
Subject: Escapes input attribute values with htmlspecialchars and removes default empty value...
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=221090bb40a53622d990b63432160729e6d02aa5;p=lorea%2Felgg.git
Escapes input attribute values with htmlspecialchars and removes default empty value from default inputs
---
diff --git a/views/default/input/default.php b/views/default/input/default.php
index 050e3b765..0577b34e5 100644
--- a/views/default/input/default.php
+++ b/views/default/input/default.php
@@ -45,7 +45,6 @@ if (isset($vars['js'])) {
 // default attributes
 $defaults = array(
 'type' => 'text',
- 'value' => '',
 );
 $attributes = array_merge($defaults, $vars);
@@ -58,6 +57,7 @@ foreach ($attributes as $attr => $val) {
 if ($val === TRUE) {
 $element[] = $attr;
 } elseif ($val !== FALSE) {
+ $val = htmlspecialchars($val);
 $element[] = "$attr=\"$val\"";
 }
 }
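Review bot: The attribute name is still emitted raw in the second hunk: only `$val` passes through htmlspecialchars(), while `$attr` is written unescaped in both `$element[] = $attr;` and `$element[] = "$attr=\"$val\"";`. Since `$attributes` is `array_merge($defaults, $vars)`, every key a caller places in `$vars` becomes an attribute name, so if any key can be influenced by request data (not visible from this diff) the value escaping added here does not protect the tag. I would reject names that fail an allow-pattern at the top of the loop body, e.g. `if (!preg_match('/^[a-zA-Z][a-zA-Z0-9:_-]*$/', $attr)) { continue; }`. The new call would also be safer with explicit arguments, `$val = htmlspecialchars($val, ENT_QUOTES, 'UTF-8');`, so the quoting and charset do not depend on the PHP version's defaults, and any non-scalar entry left in `$vars` needs to be filtered before it reaches this line. The foreach statement itself opens above the hunk and appears only in the hunk header, so earlier filtering of `$attributes` may exist that is not shown.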