Revision: 2476
https://sourceforge.net/p/mrbs/code/2476/
Author: cimorrison
Date: 2012-10-05 17:20:16 +0000 (Fri, 05 Oct 2012)
Log Message:
-----------
Added missing HTML escaping
Modified Paths:
--------------
mrbs/branches/improved_repeat_interface/web/functions.inc
Modified: mrbs/branches/improved_repeat_interface/web/functions.inc
===================================================================
--- mrbs/branches/improved_repeat_interface/web/functions.inc 2012-10-05
17:10:50 UTC (rev 2475)
+++ mrbs/branches/improved_repeat_interface/web/functions.inc 2012-10-05
17:20:16 UTC (rev 2476)
@@ -481,7 +481,7 @@
}
// generate the HTML
- $html = "<label for=\"" . $params['name'] . "\">" . $params['label'] .
"</label>\n";
+ $html = "<label for=\"" . $params['name'] . "\">" .
htmlspecialchars($params['label']) . "</label>\n";
$html .= "<input type=\"checkbox\" class=\"checkbox\"";
$html .= " id=\"" . $params['name'] . "\" name=\"" . $params['name'] . "\"
value=\"1\"";
$html .= (empty($params['value'])) ? "" : " checked=\"checked\"";
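Review bot: `$params['name']` is still concatenated unescaped into the `for`, `id` and `name` attributes here, and the same pattern remains in the hunks at @@ -537, @@ -613, @@ -737 and @@ -812; only the label text is escaped by this commit. If any caller can supply a name that is not a fixed literal, a double quote in it would terminate the attribute, so escaping at the point of output would make the helpers safe regardless of caller, e.g. `$html .= " id=\"" . htmlspecialchars($params['name'], ENT_QUOTES) . "\" ...`. Whether names are always constants cannot be determined from this diff, because the enclosing functions start and end outside the hunks.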
@@ -537,7 +537,7 @@
}
// generate the HTML
- $html = "<label for=\"" . $params['name'] . "\">" . $params['label'] .
"</label>\n";
+ $html = "<label for=\"" . $params['name'] . "\">" .
htmlspecialchars($params['label']) . "</label>\n";
$html .= "<input " . $params['attributes'];
$html .= " id=\"" . $params['name'] . "\" name=\"" . $params['name'] . "\"";
$html .= ($params['disabled']) ? " disabled=\"disabled\"" : '';
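Review bot: `$params['attributes']` is written into the `<input` tag verbatim, and again into the `<textarea` tag in the hunk at @@ -812, so after this commit it is the one parameter that is raw markup by design. That contract is worth stating where the parameter is used, for example `// 'attributes' is emitted as raw HTML; callers must escape any values they build into it`. The function's parameter documentation lies outside the hunk, so the note may belong in its header comment instead.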
@@ -604,7 +604,7 @@
}
}
// generate the HTML
- $html = "<label>" . $params['label'] . "</label>\n";
+ $html = "<label>" . htmlspecialchars($params['label']) . "</label>\n";
$html .= "<div class=\"group\">\n";
// Output each radio button
foreach ($params['options'] as $value => $token)
@@ -613,7 +613,7 @@
$html .= "<input class=\"radio\" type=\"radio\" name=\"" . $params['name']
. "\" value=\"$value\"";
$html .= ($params['value'] == $value) ? " checked=\"checked\"" : "";
$html .= ($params['disabled']) ? " disabled=\"disabled\"" : "";
- $html .= ">" . get_vocab($token);
+ $html .= ">" . htmlspecialchars(get_vocab($token));
$html .= "</label>\n";
}
$html .= "</div>\n";
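Review bot: The option key is still interpolated unescaped into the attribute at `value=\"$value\"`, although the option text beside it now goes through htmlspecialchars(). If option keys can come from configuration or stored data, the tail of that statement should become `. "\" value=\"" . htmlspecialchars($value, ENT_QUOTES) . "\"";`. Separately, if any strings returned by get_vocab() already contain HTML entities, the new call will double-encode them; that depends on the language files, which are not shown here.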
@@ -671,7 +671,7 @@
}
// generate the HTML
- $html = "<label>" . $params['label'] . "</label>\n";
+ $html = "<label>" . htmlspecialchars($params['label']) . "</label>\n";
$html .= "<div class=\"group\">\n";
// Output each checkbox
foreach ($params['options'] as $value => $token)
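Review bot: Only the group label is escaped in this function, whereas the radio-group function also had its per-option text changed to `htmlspecialchars(get_vocab($token))`. The loop body that outputs each checkbox lies outside this hunk, so it is worth confirming that the option text there is escaped the same way. If it is not, the same one-line change applies.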
@@ -737,7 +737,7 @@
}
}
// generate the HTML
- $html = "<label for=\"" .$params['name'] . "\">" . $params['label'] .
"</label>\n";
+ $html = "<label for=\"" .$params['name'] . "\">" .
htmlspecialchars($params['label']) . "</label>\n";
$html .= "<select id=\"" . $params['name'] . "\" name=\"" . $params['name']
. "\"";
$html .= ($params['disabled']) ? " disabled=\"disabled\"" : "";
$html .= ($params['mandatory']) ? " required aria-required=\"true\"" : "";
@@ -812,7 +812,7 @@
}
}
// generate the HTML
- $html = "<label for=\"" . $params['name'] . "\">" . $params['label'] .
"</label>\n";
+ $html = "<label for=\"" . $params['name'] . "\">" .
htmlspecialchars($params['label']) . "</label>\n";
// textarea rows and cols are overridden by CSS height and width
$html .= "<textarea id=\"" . $params['name'] . "\" name=\"" .
$params['name'] . "\" rows=\"8\" cols=\"40\"";
$html .= " " . $params['attributes'];