Revision: 2532
          https://sourceforge.net/p/mrbs/code/2532/
Author:   cimorrison
Date:     2012-10-27 14:00:35 +0000 (Sat, 27 Oct 2012)
Log Message:
-----------
Added some missing HTML escaping

Modified Paths:
--------------
    mrbs/trunk/web/functions.inc

Modified: mrbs/trunk/web/functions.inc
===================================================================
--- mrbs/trunk/web/functions.inc        2012-10-26 15:09:37 UTC (rev 2531)
+++ mrbs/trunk/web/functions.inc        2012-10-27 14:00:35 UTC (rev 2532)
@@ -724,7 +724,7 @@
   // generate the HTML
   // no HTML escaping for the label - it is trusted
   $html  = "<label class=\"radio\">";
-  $html .= "<input class=\"radio\" type=\"radio\" name=\"" . $params['name'] . 
"\" value=\"" . $option['key'] . "\"";          
+  $html .= "<input class=\"radio\" type=\"radio\" name=\"" . $params['name'] . 
"\" value=\"" . htmlspecialchars($option['key']) . "\"";          
   $html .= ($params['value'] == $option['key']) ? " checked=\"checked\"" : "";
   $html .= ($params['disabled']) ? " disabled=\"disabled\"" : "";
   $html .= ">" . htmlspecialchars($option['value']);
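">
Review bot: `$params['name']` is still concatenated raw into the `name` attribute on the changed line, while only `$option['key']` gained escaping; the same pattern appears on the hidden inputs at L31 and L53 and the checkbox at L44. If the name is always a developer-supplied literal, a comment beside the existing label comment such as `// no HTML escaping for the name - it is a trusted, hard-coded parameter` would make that contract explicit; if it can ever be derived from request data it should go through `htmlspecialchars()` as well. `htmlspecialchars()` with default flags does not escape single quotes, which is adequate here only because every attribute is double-quoted, so that assumption is worth noting too. The enclosing function starts before this hunk.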
@@ -791,7 +791,7 @@
   if ($params['disabled'])
   {
     $html .= "<input type=\"hidden\" name=\"" . $params['name'] . "\"";
-    $html .= " value=\"" . $params['value'] . "\">\n";
+    $html .= " value=\"" . htmlspecialchars($params['value']) . "\">\n";
   }
   echo $html;
 }
@@ -860,7 +860,8 @@
       $value = $token;
     }
     $html .= "<label>";
-    $html .= "<input class=\"checkbox\" type=\"checkbox\" name=\"" . 
$params['name'] . "\" value=\"$value\"";          
+    $html .= "<input class=\"checkbox\" type=\"checkbox\" name=\"" . 
$params['name'] . "\"";
+    $html .= " value=\"" . htmlspecialchars($value) . "\"";          
     $html .= (in_array($value, $params['value'])) ? " checked=\"checked\"" : 
"";
     $html .= ($params['disabled']) ? " disabled=\"disabled\"" : "";
     $html .= ">" . htmlspecialchars($token);
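">
Review bot: `in_array($value, $params['value'])` on the line following the new `value` attribute uses loose comparison, so numeric-looking strings such as `"1"` and `"01"` or `"1.0"` compare equal and the checkbox can be rendered checked for a different option; the same applies at L51 and to the `selected` test at L65. If `$params['value']` is guaranteed to hold strings of the same form as `$value`, `in_array($value, $params['value'], true)` makes the match exact; if callers pass integers the types would need normalising first, so confirm against the call sites before tightening it. The enclosing loop and function continue outside this hunk.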
@@ -868,7 +869,7 @@
     if ($params['disabled'] && in_array($value, $params['value']))
     {
       $html .= "<input type=\"hidden\" name=\"" . $params['name'] . "\"";
-      $html .= " value=\"$value\">\n";
+      $html .= " value=\"" . htmlspecialchars($value) . "\">\n";
     }
   }
   $html .= "</div>\n";
@@ -971,7 +972,7 @@
     {
       $value = $text;
     }
-    $html .= "<option value=\"$value\"";
+    $html .= "<option value=\"" . htmlspecialchars($value) . "\"";
     $html .= (in_array($value, $params['value'])) ? " selected=\"selected\"" : 
'';
     $html .= ">".htmlspecialchars($text)."</option>\n";
   }