Revision: 1777
          http://mrbs.svn.sourceforge.net/mrbs/?rev=1777&view=rev
Author:   jberanek
Date:     2011-01-30 08:18:37 +0000 (Sun, 30 Jan 2011)

Log Message:
-----------
* Fixed a few more cases where things weren't correctly escaped.

Modified Paths:
--------------
    mrbs/trunk/web/functions.inc

Modified: mrbs/trunk/web/functions.inc
===================================================================
--- mrbs/trunk/web/functions.inc        2011-01-30 08:00:13 UTC (rev 1776)
+++ mrbs/trunk/web/functions.inc        2011-01-30 08:18:37 UTC (rev 1777)
@@ -351,7 +351,8 @@
   // and a hidden input if the input box is disabled
   if ($disabled)
   {
-    $html .= "<input type=\"hidden\" name=\"$name\" value=\"$value\">\n";
+    $html .= "<input type=\"hidden\" name=\"$name\" value=\"".
+      htmlspecialchars($value)."\">\n";
   }
   echo $html;
 }
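Review bot: `name=\"$name\"` on the added hidden-input line is still interpolated raw, while only `$value` goes through `htmlspecialchars()`. If `$name` can ever contain a double quote or an angle bracket, it breaks out of the attribute the same way the value could. Escape it as well, for example `name=\"".htmlspecialchars($name)."\"`, or add a comment on the function stating that callers must pass a fixed, trusted field name.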
@@ -375,13 +376,14 @@
   {
     $html .= "<option";
     $html .= (isset($value) && ($value == $option)) ? " selected=\"selected\"" 
: '';
-    $html .= ">$option</option>\n";
+    $html .= ">".htmlspecialchars($option)."</option>\n";
   }
   $html .= "</select>\n";
   // and a hidden input if the select box is disabled
   if ($disabled)
   {
-    $html .= "<input type=\"hidden\" name=\"$name\" value=\"$value\">\n";
+    $html .= "<input type=\"hidden\" name=\"$name\" value=\"".
+      htmlspecialchars($value)."\">\n";
   }
   
   echo $html;
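Review bot: the new `htmlspecialchars($option)` and `htmlspecialchars($value)` calls rely on the default flags, which escape double quotes but leave single quotes alone. That is enough only because the option label is element content and the hidden input's attribute is double-quoted. Passing `ENT_QUOTES` explicitly would keep the output safe if the quoting in this markup is ever changed. Separately, the `selected` test in the unchanged context uses loose `$value == $option`, so numeric-looking strings such as "1" and "01" compare equal and more than one option can be marked selected. A strict string comparison would avoid that.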
@@ -401,7 +403,8 @@
   // and a hidden input if the textarea is disabled
   if ($disabled)
   {
-    $html .= "<input type=\"hidden\" name=\"$name\" value=\"$value\">\n";
+    $html .= "<input type=\"hidden\" name=\"$name\" value=\"".
+      htmlspecialchars($value)."\">\n";
   }
   echo $html;
 }
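Review bot: this is the third identical copy of the hidden-input line patched in this commit (`$html .= "<input type=\"hidden\" name=\"$name\" value=\"". htmlspecialchars($value)."\">\n";`), which is how the unescaped version ended up in three places to begin with. Consider moving it into one small helper that returns the escaped hidden input and calling that from the input, select and textarea generators, so the next escaping change is made once.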

