SF.net SVN: postfixadmin:[1189] trunk/smarty.inc.php
Brought to you by:
christian_boltz,
gingerdog
From: <chr...@us...> - 2011-09-24 16:35:48
|
Revision: 1189 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1189&view=rev Author: christian_boltz Date: 2011-09-24 16:35:42 +0000 (Sat, 24 Sep 2011) Log Message: ----------- smarty.inc.php - select_options(): - escape $val with htmlentities() (function result will/must be used unescaped later) Modified Paths: -------------- trunk/smarty.inc.php Modified: trunk/smarty.inc.php =================================================================== --- trunk/smarty.inc.php 2011-09-24 11:49:14 UTC (rev 1188) +++ trunk/smarty.inc.php 2011-09-24 16:35:42 UTC (rev 1189) @@ -69,10 +69,10 @@ function select_options($aValues, $aSelected) { $ret_val = ''; foreach ($aValues as $val) { - $ret_val .= '<option value="'.$val.'"'; + $ret_val .= '<option value="'.htmlentities($val).'"'; if (in_array ($val, $aSelected)) $ret_val .= ' selected="selected"'; - $ret_val .= '>'.$val.'</option>'; + $ret_val .= '>'.htmlentities($val).'</option>'; } return $ret_val; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |