author | Evan Winslow <evan.b.winslow@gmail.com> | 2010-07-16 20:28:02 +0000 |
---|---|---|
committer | Evan Winslow <evan.b.winslow@gmail.com> | 2010-07-16 20:28:02 +0000 |
commit | 221090bb40a53622d990b63432160729e6d02aa5 (patch) | |
tree | e7fee7f589207ea5672be8e126787e44da8f9ac2 | |
parent | 434e44174ab3689a15d0d23deeaa191c6695fcf8 (diff) | |
Escapes input attribute values with htmlspecialchars and removes default empty value from default inputs
-rw-r--r-- | views/default/input/default.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/views/default/input/default.php b/views/default/input/default.php
index 050e3b765..0577b34e5 100644
--- a/views/default/input/default.php
+++ b/views/default/input/default.php
@@ -45,7 +45,6 @@ if (isset($vars['js'])) {
 // default attributes
$defaults = array(
'type' => 'text',
- 'value' => '',
);
$attributes = array_merge($defaults, $vars);
@@ -58,6 +57,7 @@ foreach ($attributes as $attr => $val) {
 if ($val === TRUE) {
$element[] = $attr;
} elseif ($val !== FALSE) {
+ $val = htmlspecialchars($val);
$element[] = "$attr=\"$val\"";
}
}
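Review bot: The added `htmlspecialchars($val)` call relies on PHP's default quote style and charset, which differ between PHP versions and leave single quotes unescaped on older ones; pinning both makes the attribute-value encoding explicit, e.g. `$val = htmlspecialchars($val, ENT_QUOTES, 'UTF-8');` (assuming the site outputs UTF-8, which this hunk does not show). The attribute name `$attr` is still interpolated unescaped on the next line, so if any key of `$vars` can originate from request data it should be checked against a strict name pattern before it is emitted. Values that callers already escaped will now be encoded twice, and a non-string `$val` would be passed straight to `htmlspecialchars`, so the existing call sites are worth auditing. The `foreach` body begins outside this hunk.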