aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEvan Winslow <evan.b.winslow@gmail.com>2010-07-16 20:28:02 +0000
committerEvan Winslow <evan.b.winslow@gmail.com>2010-07-16 20:28:02 +0000
commit221090bb40a53622d990b63432160729e6d02aa5 (patch)
treee7fee7f589207ea5672be8e126787e44da8f9ac2
parent434e44174ab3689a15d0d23deeaa191c6695fcf8 (diff)
downloadelgg-221090bb40a53622d990b63432160729e6d02aa5.tar.gz
elgg-221090bb40a53622d990b63432160729e6d02aa5.tar.bz2
Escapes input attribute values with htmlspecialchars and removes default empty value from default inputs
-rw-r--r--views/default/input/default.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/views/default/input/default.php b/views/default/input/default.php
index 050e3b765..0577b34e5 100644
--- a/views/default/input/default.php
+++ b/views/default/input/default.php
@@ -45,7 +45,6 @@ if (isset($vars['js'])) {
// default attributes
$defaults = array(
'type' => 'text',
- 'value' => '',
);
$attributes = array_merge($defaults, $vars);
@@ -58,6 +57,7 @@ foreach ($attributes as $attr => $val) {
if ($val === TRUE) {
$element[] = $attr;
} elseif ($val !== FALSE) {
+ $val = htmlspecialchars($val);
$element[] = "$attr=\"$val\"";
}
}