Refs #756: htmlentities on all input views

git-svn-id: https://code.elgg.org/elgg/trunk@2704 36083f99-b078-4883-b0ff-0f9b5a30f544

1 files changed, 4 insertions, 4 deletions

diff --git a/views/default/input/pulldown.php b/views/default/input/pulldown.php
index fcd13a6b3..8d7d94e75 100644
--- a/views/default/input/pulldown.php
+++ b/views/default/input/pulldown.php
@@ -32,9 +32,9 @@
 	{
 		foreach($vars['options_values'] as $value => $option) {
 	        if ($value != $vars['value']) {
-	            echo "<option value=\"$value\">{$option}</option>";
+	            echo "<option value=\"$value\">". htmlentities($option, null, 'UTF-8') ."</option>";
 	        } else {
-	            echo "<option value=\"$value\" selected=\"selected\">{$option}</option>";
+	            echo "<option value=\"$value\" selected=\"selected\">". htmlentities($option, null, 'UTF-8') ."</option>";
 	        }
 	    }
 	}
@@ -42,9 +42,9 @@
 	{

 	    foreach($vars['options'] as $option) {

 	        if ($option != $vars['value']) {

-	            echo "<option>{$option}</option>";

+	            echo "<option>". htmlentities($option, null, 'UTF-8') ."</option>";

 	        } else {

-	            echo "<option selected=\"selected\">{$option}</option>";

+	            echo "<option selected=\"selected\">". htmlentities($option, null, 'UTF-8') ."</option>";

 	        }

 	    }

 	}