Closes #1105: Value on input/pulldown view now escaped.

git-svn-id: https://code.elgg.org/elgg/trunk@3394 36083f99-b078-4883-b0ff-0f9b5a30f544
author: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> 2009-07-06 16:52:10 +0000
committer: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> 2009-07-06 16:52:10 +0000
commit: 8276e36bced4d6ea99b6aaea29f59b0252cd15f7 (patch)
tree: d9dcc2e2c1e876954cf404a18f5b614b2a5c1d57 /views/default
parent: ba0f33ce82149827a84995250bd1eca9dbf65e9d (diff)
download: elgg-8276e36bced4d6ea99b6aaea29f59b0252cd15f7.tar.gz
elgg-8276e36bced4d6ea99b6aaea29f59b0252cd15f7.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/views/default/input/pulldown.php b/views/default/input/pulldown.php
index fb7619048..fe53865f8 100644
--- a/views/default/input/pulldown.php
+++ b/views/default/input/pulldown.php
@@ -32,9 +32,9 @@
 	{
 		foreach($vars['options_values'] as $value => $option) {
 	        if ($value != $vars['value']) {
-	            echo "<option value=\"$value\">". htmlentities($option, ENT_QUOTES, 'UTF-8') ."</option>";
+	            echo "<option value=\"".htmlentities($value, ENT_QUOTES, 'UTF-8')."\">". htmlentities($option, ENT_QUOTES, 'UTF-8') ."</option>";
 	        } else {
-	            echo "<option value=\"$value\" selected=\"selected\">". htmlentities($option, ENT_QUOTES, 'UTF-8') ."</option>";
+	            echo "<option value=\"".htmlentities($value, ENT_QUOTES, 'UTF-8')."\" selected=\"selected\">". htmlentities($option, ENT_QUOTES, 'UTF-8') ."</option>";
 	        }
 	    }
 	}
author	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>	2009-07-06 16:52:10 +0000
committer	marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>	2009-07-06 16:52:10 +0000
commit	8276e36bced4d6ea99b6aaea29f59b0252cd15f7 (patch)
tree	d9dcc2e2c1e876954cf404a18f5b614b2a5c1d57 /views/default
parent	ba0f33ce82149827a84995250bd1eca9dbf65e9d (diff)
download	elgg-8276e36bced4d6ea99b6aaea29f59b0252cd15f7.tar.gz elgg-8276e36bced4d6ea99b6aaea29f59b0252cd15f7.tar.bz2